- My team can assist as IT security consultants, helping with assessments, pen testing, and other projects.
- Malware sucks. I can teach you to reverse-engineer it at SANS Institute in Las Vegas and Washington DC.
- Join your peers in a security round-table discussion that I'm leading at SAVVIS in New York.
Network Perimeter Defense Architecture: A Case Study
This paper, written as a case study, documents a comprehensive architecture for defending network resources of a fictitious company. It illustrates an approach to setting up a strong security perimeter. This document was submitted to SANS GIAC to fulfill GIAC Certified Firewall Analyst (GCFW) certification requirements.
A the moment, this paper is only available in Adobe Acrobat PDF format. You may download it here. The table of contents is listed below for your convenience:
- Part 1: Security Architecture
- 1.1 Assigned Task
- 1.2 Application Architecture
- 1.3 Perimeter Defense
- 1.4 External Connectivity
- 1.5 Implementation
- Part 2: Security Policy
- 2.1 Assigned Task
- 2.2 Guiding Principles
- 2.3 Border Router
- 2.4 Firewalls
- 2.5 VPN Configuration
- 2.6 Applying Policy
- 2.7 Compliance Monitoring
- Part 3: Audit of the Security Architecture
- 3.1 Assigned Task
- 3.2 Planning the Assessment
- 3.3 Assessment of Security Design
- 3.4 Assessment of Defense Perimeter Implementation
- 3.5 Assessment of Defense Component Implementation
- 3.6 Defense Improvement Recommendations
- Part 4: Design Under Fire
- 4.1 Assigned Task
- 4.2 Targeted Architecture
- 4.3 Attacking the Firewall
- 4.4 Denial of Service Attack
- 4.5 Compromising an Internal System
Post-Scriptum
This paper was written in 2001. The GCFW certification practical requirements, which this paper fulfilled, are listed on the following site:
GIAC LevelTwo Firewalls, Perimeter Protection, and VPNs Practical Assignment for Capitol SANS, Version 1.4, December 2000. URL: http://www.sans.org/capsans/GCFW_assignment.htm.
Copyright © 1995-2008 Lenny Zeltser. All rights reserved. RSS Feed.