Network Perimeter Defense Architecture: A Case Study

This paper, written as a case study in 2001, documents a comprehensive architecture for defending network resources of a fictitious company. It illustrates an approach to setting up a strong security perimeter. This document was submitted to SANS GIAC to fulfill GIAC Certified Firewall Analyst (GCFW) certification requirements.

This paper is only available in Adobe Acrobat PDF format. You may download it here. The table of contents is listed below for your convenience:

Part 1: Security Architecture
1.1 Assigned Task
1.2 Application Architecture
1.3 Perimeter Defense
1.4 External Connectivity
1.5 Implementation
Part 2: Security Policy
2.1 Assigned Task
2.2 Guiding Principles
2.3 Border Router
2.4 Firewalls
2.5 VPN Configuration
2.6 Applying Policy
2.7 Compliance Monitoring
Part 3: Audit of the Security Architecture
3.1 Assigned Task
3.2 Planning the Assessment
3.3 Assessment of Security Design
3.4 Assessment of Defense Perimeter Implementation
3.5 Assessment of Defense Component Implementation
3.6 Defense Improvement Recommendations
Part 4: Design Under Fire
4.1 Assigned Task
4.2 Targeted Architecture
4.3 Attacking the Firewall
4.4 Denial of Service Attack
4.5 Compromising an Internal System

About the Author

Lenny Zeltser is a seasoned business and tech leader with extensive cybersecurity experience. He builds innovative endpoint defense solutions as VP of Products at Minerva Labs. Beforehand, he was responsible for security product management at NCR Corp. Lenny also trains incident response and digital forensics professionals at SANS Institute. An engaging presenter, he speaks at industry events, writes articles and has co-authored books. Lenny has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more