Building a secure Internet Data Center Network Infrastructure

The principle goal of this paper is to provide best practice information on designing and implementing secure networks in an Internet Data Center. I will focus on the expected threats and their methods of mitigation, rather than on "Put the firewall here, put the intrusion detection system there." I will begin this document with an overview of the architecture, then details the specific modules that make up the actual network design. The first three sections of each module describe the traffic flows, key devices, and expected threats with basic mitigation diagrams. Detailed technical analysis of the design follows, along with more detailed threat mitigation techniques and migration strategies.

Tags:

Read the complete paper at SANS