Summary: The design of security systems within networks, focusing on the creation of security zones and mitigation techniques for protocol layer specific vulnerabilities. The creation of security zones, such as demilitarized zones (DMZs) and virtual route forwarding tables (VRFs), helps segment network traffic and functions, promoting security within the LAN while reducing overall complexity. Mitigating vulnerabilities at specific protocol layers, such as link encryption, IEEE 802.1AE (MACsec), and IPsec, is another key element of security system design. Examples and references for further study are included.
Week 7 Assignment ISSC

Abstract

Security systems make up the primary defense within networks, and designing security measures to protect network information is a key tenet of network security. This paper will explore some of the central elements of security system design, such as the creation of security zones and mitigation techniques for protocol layer specific vulnerabilities.

Keywords: security, design

Security System Design

Security systems within networks must be designed in a way that promotes the protection of information within an organization. Throughout the world today, the Internet of Things (IoT) has created a grand ecosystem of interconnected devices whose purposes complement each other. This also creates security problems, as most modern technology is able to connect wirelessly to networks. One thing that can help mitigate the risks associated with connected devices is the creation of security zones.

Security zones within a network serve to segment different elements of network traffic and functions from each other. These zones can be generalized as uncontrolled, such as the internet, and controlled, such as the local area network (LAN). Network security professionals can go even further, depending on the availability of hardware or software, to define a demilitarized zone (DMZ) and to separate internal network traffic based on purpose using virtual route forwarding tables (VRFs). Defining these security zones depends on the organization's requirements; if there is no need for a DMZ, then that zone will not be defined or created. In the event a DMZ is needed, it can be used as a buffer between the internet and the LAN, where resources from the organization can be made available to trusted external users without giving those external users access to the LAN environment (Patel, 2020, p. 1). This promotes security within the LAN while also reducing the overall complexity of the network design, since various other controls for external-to-internal connections do not have to be created.

Mitigating vulnerabilities within specific protocol layers is another key element of security system design. Each layer of the OSI model has vulnerabilities, so identifying and mitigating them as part of the network design is a fundamental aspect of security system design. There are many different vulnerabilities and mitigation techniques that can be used, so below are only a few examples as identified by Stuart Jacobs in the book Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance (2016):

Link encryption – Link encryption is performed on the physical layer, or layer 1. It uses hardware encryptors that take all signals the device receives, the plain-text data, and encrypt them into cipher-text data before sending them across the physical medium to the next device.

IEEE 802.1AE – This IEEE standard operates on the data link layer, or layer 2, and governs the use of MACsec. MACsec allows a network device to authenticate an end-user device, granting it access to the network only if it is authorized to do so through the MACsec configuration.

IPsec – IP security is done on the network layer, or layer 3. IPsec combined with Generic Routing Encapsulation (GRE) tunnels can create a secure connection between two or more devices.

There are far more mitigation techniques the higher an individual goes up the stack; however, the purpose remains the same: secure the layer to protect the data. These, along with
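As an added example (not code from the paper or its cited sources), the following Python models the uncontrolled/DMZ/LAN zone design described above as a default-deny policy between zones and checks constructed flows against it, including the case the DMZ exists to prevent: an external or DMZ host reaching into the LAN. The address prefixes, ports and sample flows are assumptions chosen for illustration.

```python
import ipaddress

# Constructed address plan (not from the paper): any address outside the
# DMZ and LAN prefixes is treated as the uncontrolled zone, the internet.
ZONES = {
    "dmz": ipaddress.ip_network("203.0.113.0/24"),  # published services
    "lan": ipaddress.ip_network("10.10.0.0/16"),    # controlled internal network
}

# Default deny: a connection may be initiated only for a (src zone, dst zone)
# pair listed here, and only to the listed TCP ports (None means any port).
POLICY = {
    ("internet", "dmz"): {80, 443},  # external users reach published DMZ services
    ("lan", "dmz"): None,            # internal staff administer the DMZ
    ("lan", "internet"): None,       # outbound access from the LAN
    ("dmz", "lan"): {5432},          # one back-end DB port; no general DMZ->LAN pivot
}

def zone_of(ip):
    """Classify an address as dmz, lan or internet (the uncontrolled zone)."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def evaluate(src_ip, dst_ip, dst_port):
    """Return (allowed, reason) for a new connection src_ip -> dst_ip:dst_port."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return True, f"intra-zone traffic within {src}"
    if (src, dst) not in POLICY:
        return False, f"no rule for {src} -> {dst}; default deny"
    ports = POLICY[(src, dst)]
    if ports is not None and dst_port not in ports:
        return False, f"{src} -> {dst} permits only ports {sorted(ports)}"
    return True, f"{src} -> {dst}:{dst_port} permitted"

def denied_flows(flows):
    """Run (src, dst, port) tuples through the policy; return the denials."""
    return [(f, evaluate(*f)[1]) for f in flows if not evaluate(*f)[0]]

if __name__ == "__main__":
    # Constructed flows: external web visit, external attempt at a LAN file
    # share, and a DMZ host trying to reach the LAN on SSH.
    sample = [("198.51.100.7", "203.0.113.10", 443),
              ("198.51.100.7", "10.10.1.5", 445), ("203.0.113.10", "10.10.1.5", 22)]
    for flow, why in denied_flows(sample):
        print("DENY", flow, why)
```

Only the first sample flow is permitted; the two attempts to reach the LAN are denied, one because no internet-to-LAN rule exists and one because DMZ-to-LAN is limited to the database port.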