I have been considering the security of a computer network a lot lately. In that I am currently running a Linux box, the issue is not as much of a matter as when I was running Windows boxes. However, in my idea to design and build a network that is secure (at least at the time of design), I have considered many aspects. One is the security of the initial point of entry for the local network to the wide area network. Look at it this way: we are securing our home from intrusion. Part of that security is not just identity on the web, but also presence within the web. The wide area network is unsecured, and hopefully will remain that way, as it should be an individual responsibility to secure their own presence. Granted, I realize this means the purchase of security solutions by individuals, but that means that it remains in the private sector, not in the hands of the government, where too many options present a problem for the user. There are areas in which this consideration of security can travel, through many realms of the possible, with no current common denominator to attach to.

Returning to the model of securing the network as a home, the first place to look is the perimeters. The nearest perimeter is the farthest point the WAN reaches. Determine the network POE (point of entry) to indicate the first point at which security must be considered. The type of WAN connection does not matter; even a wireless connection has a point of entry. In most cases the POE is a wired connection (or optical link). To first secure the WAN link, you must secure its physical properties. You cannot secure any property that is beyond the individual's control, so the best option at this time is a locked box on the house where the wire enters the house. This secures the physical property of the WAN as well as is possible. The ideal situation is a wireless WAN from a satellite link, as both the wireless link and the physical property can be secured. The physical property of the satellite dish antenna can be secured with a fence, and the cable secured from the antenna site through the POE into the home with cladding and burial procedures. The wireless part of the link can be secured using network protocols. This is done with the Gateway server.

The Gateway server is the first point where the network enters the home network or LAN. If you are also using a local wireless network, this too will have to be secured by the Gateway. The Gateway server negotiates the network traffic from the LAN to the WAN. Inside the Gateway server is the network server. For truly secure networks, a security server would be inside the Gateway server (however, for most networks, the security server is part of the Gateway server). Given that the Gateway is asked to secure the incoming and outgoing traffic on the network, it is not concerned with the internal traffic of the LAN. The internal traffic of the LAN is negotiated by the load balancer, or LAN server. The LAN server should be inside the Gateway, and also separate from the web server. The web server is not exclusive of the World Wide Web, nor does it serve pages to the web in the way that a remote host web server does, but actually acts as a server to the LAN server that handles HTTP requests from either the LAN or the WAN. This means that HTTP requests do not route through the LAN but through the web server, although they may then be routed through the LAN server after they have been processed at the web server. The web server may be made part of the Gateway server; however, it is best if it sits between the LAN server and the security server or Gateway.

Now this always happens: I stepped away for some reason and now I have no idea where I was going. Anyway, I will have to re-read this and probably re-write it. If it matters at all, I will publish it as is, and revise it as I get to it. Comments will be taken in stride, since even I don't know what I was writing.

More on this later...


