International FDDI network
Could you kindly let me know what are the security issues that I need to
consider when implementing a FDDI network for a MNC with 3 foreign branches?
If you're implementing FDDI for a multi-national corporation, you probably
aren't implementing FDDI all the way to the foreign branches, owing to the
extremely high expense involved. Thus, I assume you're asking about security
issues relevant to linking a local FDDI ring to some kind of WAN link that
will tie multiple sites together.
If I'm correct in my assumption, your concerns are no different from any
networking situation where LANs are connected to the Internet or other
public networking infrastructures. For each site, I'd suggest placing screening
routers at the outer periphery of a DMZ, situating hardened servers that
offer public or external access within the DMZ (with highly secure, mirrored
servers inside the DMZ on the private side of one or more networks), with
firewalls on the private side of the DMZ).
I'd also urge you to take advantage of regular security scans and to
deploy intrusion detection systems (IDS) on the firewall.
This was first published in November 2001