Network Computing is part of the Informa Tech Division of Informa PLC

Building Blocks: Page 5 of 7

On the network edge, we placed a pair of Cisco 7400-series routers just in front of the firewall. These will initially let us get on and off the Internet in a graceful fashion but could, in the future, support multiple ISP connections and secure links to business partners.

Things We're Keeping to Ourselves

Security is an increasingly high-profile concern for IT. With the majority of NWC Inc.'s revenue coming from online transactions, it is one of our highest priorities as well. Not only must we secure purchases, we need to safeguard our customers' privacy. That's not only good business from a customer-relationship point of view, it's becoming increasingly apparent that companies that don't make a best-effort attempt to secure customer data will be held financially liable.

There was no discussion on whether to deploy a firewall--it was a given. But selecting the firewall was a challenge. While we initially favored Check Point Software Technologies' offerings, the additional hardware costs were prohibitive. Ultimately, we decided on a SonicWall solution, based on a lower TCO and staff familiarity with the product line.



Business Applications Labs Network

We also designed our network with security in mind, leaving only the Web server in the DMZ and all other services routed to and managed by the firewall. But a firewall does not generally inspect packets at Layer 7, where most Web-based attacks are initiated. We wanted to avoid the Nimdas and Code Reds of the future, and while we can't stop them from attacking, we can stop them from propagating by employing an Apache Web server running on a Red Hat Linux server. We've locked down the server by removing nonessential services, allowing secure access only from specific servers for management purposes and applying security patches.
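One way to check that the lockdown described above still holds is to audit the server's listening sockets and inbound allow rules against a written policy. The script below is an added example, not code from the article or from NWC Inc.; the policy, the management host addresses, the `ss -H -tln` sample and the rule list are all constructed assumptions.

```python
import ipaddress

# Assumed policy (not from the article): web ports open to everyone,
# SSH reachable only from two hypothetical management hosts.
POLICY = {
    80: ["0.0.0.0/0"],
    443: ["0.0.0.0/0"],
    22: ["10.0.5.10/32", "10.0.5.11/32"],
}

# Constructed sample of `ss -H -tln` output from the DMZ web server.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 64 0.0.0.0:111 0.0.0.0:*
"""

# Constructed inbound allow rules as (destination port, source CIDR).
SAMPLE_RULES = [(80, "0.0.0.0/0"), (443, "0.0.0.0/0"),
                (22, "10.0.5.10/32"), (22, "10.0.0.0/8")]

def parse_listeners(ss_output):
    """Return the set of TCP ports bound to a non-loopback address."""
    exposed = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # handle [::]:80 and scoped IPv6
        if addr != "*" and ipaddress.ip_address(addr).is_loopback:
            continue  # loopback-only services are not reachable from the network
        exposed.add(int(port))
    return exposed

def audit(ss_output, allow_rules, policy=POLICY):
    """List nonessential listeners and allow rules wider than the policy."""
    findings = []
    for port in sorted(parse_listeners(ss_output)):
        if port not in policy:
            findings.append(f"port {port}: listener not in policy, disable the service")
    for port, source in allow_rules:
        src = ipaddress.ip_network(source)
        nets = [ipaddress.ip_network(n) for n in policy.get(port, [])]
        if not any(src.version == n.version and src.subnet_of(n) for n in nets):
            findings.append(f"port {port}: rule allows {source}, wider than policy")
    return findings
```

Run on a schedule and after every patch cycle, a check like this catches a reinstalled service or a loosened management rule before it becomes a path into the DMZ host.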