How to build a secure network from the ground up

Receive peer advice on what steps are crucial when building a secure network from the ground up. Also learn what resources are available to guide you through this process.


The following question and answer thread is excerpted from ITKnowledge Exchange. Click here to read the entire thread or to start a new one. 

A user identified as enghashem posed this question:
I am interested in building a network for 100 users. It needs to be reliable, have an impeccable disaster recovery system and have other security features, including a firewall, antivirus and antispam. I will install this on Windows Server 2003, Exchange and ISA. Are there any resources that will show me how to create this complete network? I need information on router switches, security appliances and backup systems available on the market. 

A user identified as DrillO advised:
"First, meet with EVERYONE who will be involved, from the CEO and CFO to department heads. Next, take a long hard look at your company's business plan and build your business case around it. When you are ready to start building the network, examine your budget and then add to it, for you will be building your network around it. There are several key resources you should look for; however, no one source will have everything you need. Do your homework, research, Google your questions, and look at some of the sites you find. Ask questions in forums, such as this one, when you have specific ones. Whatever you do, make sure your infrastructure will be able to handle what you want it to do and build in room for growth now, because getting more money later will be difficult, if not impossible."

A user identified as HumbleNetAdmin advised:
"When you're talking about building a network infrastructure from the ground up, you should incorporate several disciplines, including: Systems Admin, Network Admin, Network Engineer and Security Admin/Engineer. I have worked in the IT field for many years as a Network Admin and have brought these disciplines together in one form or another. However, I did not find the information in a single source, but multiple. Here are some links that I believe will help you:

  • http://www.techtutorials.info/index.html
  • http://www.techwebpipelines.com/;jsessionid=WSZHO5GENY0P4QSNDBGCKHSCJUMEKJVN
  • https://www.networkworld.com/
  • http://www.enterprisenetworkingplanet.com/
  • http://techrepublic.com.com/5221-10872-0.html?tag=header
  • http://www.microsoft.com/technet/prodtechnol/windowsserver2003/default.mspx

The previous post outlined some initial steps that will help make this project happen. Remember, management's support is crucial, because if you don't have their support and the money to back it, the project is unfortunately, doomed."

More Information

Learn how to use a defense-in-depth strategy to create an secure computing environment.

Secure your network perimeter.

A user identified as mks3rd advised:
"Have you heard of BADNT? It is a top down business model. If you use the acronym properly, you'll receive some great results. From the top down, check the business, the applications, the data, the network and then technology."

 A user identified as larrythethird advised:
"DrillO hit it on the nose. Unless every business unit in the company is on board with the infrastructure's design, you'll be rebuilding and wasting time on things that could have been implemented correctly the first time. Plan for the unexpected. Business groups will say, "that's not what I asked for." Look for missing requirements before moving ahead. They'll be waiting to cause undo tension and delays. And, most importantly, remember the credo of networks: KIS (keep it simple)."

A user identified as Paul144hart advised:
"There are too many possibilities. You should consider writing a Request for Proposal and submit it to several contract houses."

A user identified as BinooDas1234 advised:
"Microsoft Solutions Framework Model will definitely help you. Go through the Process Model, Team Model and Risk Management Models. Details and white papers are also available at the Microsoft site."

This was last published in October 2005

Dig Deeper on Network device security: Appliances, firewalls and switches