Home > Cloud Computing > Cloud Security

Network security device practices

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

 

We will discuss the practices of network security equipment, and we should arrange the location of the equipment in actual work. The advantages of such deployment are extremely inadequate.

1. Basic router filter practices

 

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0T412G49-0.png "/>

Disadvantages:

1. The service area is in the Intranet. Once the server is broken, it will directly attack the Intranet without going through the filter of the router.

2. access list control is extremely similar for external users to access

3. A large number of ports need to be opened

Dual-route DMZ Design

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0T4124G4-1.png "/>

Features:

1. The Public Service Area is separated from the Intranet. Once the public service area is broken, a second router is required to access the Intranet.

2. The second server has a more detailed ACL

Status firewall DMZ Design

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0T4125J0-2.png "/>

We can use status firewalls to replace routers.

1. Some firewalls do not support advanced routing protocols and Multicast

2. We perform RFC 1918 2827 filter at the entry.

DMZ Design of A Three-interface Firewall

 

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0T41263S-3.png "/>

This is the classic design we usually adopt now.

1. All traffic must be filtered by the firewall.

2. Make sure to restrict access from the public service area to the Intranet. Otherwise, the public service area is still in the Intranet structure. The old saying goes: do not trust the Internet or your own public service area.

Multi-firewall Design

 

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0T4125V9-4.png "/>

1. The trust service area accepts half-trust requests, half-trust accepts non-trust requests, and non-trust accepts Internet requests.

2. We recommend that you use products from Multiple Firewall vendors to prevent product vulnerabilities.

Different acl categories

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/0T4122S6-5.png "/>

 

This article is from the "cisco network" blog. For more information, contact the author!

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
jde security best practices network dmz best practices php security best practices mariadb security best practices snmp security best practices gke security best practices scada security best practices
Related Article
How does personal cloud security guarantee data security?
Focus on three major cloud security areas, you know?
Decrypting Cisco type 5 password hashes
Using redis to write webshell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More