COMPUTER SECURITY

The Three-Layer Network Design Model

Photo of Adeniyi Salau Adeniyi SalauApril 26, 2023
0 0 4 minutes read
The Three-Layer Network Design Model

The Three-Layer Network Design Model

 

The campus wired LAN uses a hierarchical design model to separate the network topology into modular groups or layers. Separating the design into layers allows each layer to implement specific functions, which simplifies the network design. This also simplifies the deployment and management of the network.
The campus wired LAN enables communications between devices in a building or group of buildings, as well as interconnection to the WAN and Internet edge at the network core.A hierarchical LAN design includes the access, distribution, and core layers as shown in the figure.

 

Hierarchical Design Model

Each layer is designed to meet specific functions.
The access layer provides endpoints and users direct access to the network. The distribution layer aggregates access layers and provides connectivity to services. Finally, the core layer provides connectivity between distribution layers for large LAN environments.
User traffic is initiated at the access layer and passes through the other layers if the functionality of those layers is required.
Even though the hierarchical model has three layers, some smaller enterprise networks may implement a two-tier hierarchical design. In a two-tier hierarchical design, the core and distribution layers are collapsed into one layer, reducing cost and complexity.

 

In flat or meshed network architectures, changes tend to affect a large number of systems. Hierarchical design helps constrain operational changes to a subset of the network, which makes it easy to manage as well as improve resiliency. Modular structuring of the network into small, easy-to-understand elements also facilitates resiliency through improved fault isolation.

Firewalls

Typically, a firewall with two interfaces is configured as follows:

  • Traffic originating from the private network is permitted and inspected as it travels toward the public network. Inspected traffic returning from the public network and associated with traffic that originated from the private network is permitted.
  • Traffic originating from the public network and traveling to the private network is generally blocked. 

 

Demilitarized zone

A demilitarized zone (DMZ) is a firewall design where there is typically one inside interface connected to the private network, one outside interface connected to the public network, and one DMZ interface, as shown in the figure.

  • Traffic originating from the private network is inspected as it travels toward the public or DMZ network. This traffic is permitted with little or no restriction. Inspected traffic returning from the DMZ or public network to the private network is permitted.
  • Traffic originating from the DMZ network and traveling to the private network is usually blocked.
  • Traffic originating from the DMZ network and traveling to the public network is selectively permitted based on service requirements.
  • Traffic originating from the public network and traveling toward the DMZ is selectively permitted and inspected. This type of traffic is typically email, DNS, HTTP, or HTTPS traffic. Return traffic from the DMZ to the public network is dynamically permitted.
  • Traffic originating from the public network and traveling to the private network is blocked.
Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your trainingYou can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

 

Fact Check Policy

CRMNUGGETS is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

     

Fact Check Policy
Contact Us

Related posts:

truehost
whatsapp

Related posts:

6 Types Of End Device Logs In Cybersecurity6 Types Of End Device Logs In Cybersecurity Analysing Five Layers Of Computer SecurityAnalysing Five Layers Of Computer Security Default ThumbnailSome Major Networking Basics You Cannot Do Without Default ThumbnailProper Instant Messaging Security Measures Default ThumbnailComprehensive Guide On Use Of SD-WAN Default ThumbnailFacts About Endpoint Security Architecture Default Thumbnail4 Reasons Why You Need Computer Security 2 Major Benefits Of Online Banking Platform2 Major Benefits Of Online Banking Platform Analysing Secured Email Gateway For NetworksAnalysing Secured Email Gateway For Networks Understanding Antimalware Protection In CybersecurityUnderstanding Antimalware Protection In Cybersecurity joining a device to a networkMTA 98-368: Joining a Device to a Network 5 Great Cautions For Email Attachments5 Great Cautions For Email Attachments
Photo of Adeniyi Salau Adeniyi SalauApril 26, 2023
0 0 4 minutes read
Photo of Adeniyi Salau

Adeniyi Salau

Adeniyi Salau is a highly dedicated and committed Blogger of repute. He likes sharing his IT knowledge with others. My desire is to impact as many lives as possible with my IT skills. You can download my mobile APP. Download the ICTLOAD APP on Google Playstore. Thanks.

Related Articles

9 Major Threats To System Security Operations

September 30, 2020

List of Scam Websites That You Should Know

September 18, 2020

14 Steps To Avoid Network Vulnerabilities

February 2, 2021

6 Potential Losses Due To Security Attacks

September 10, 2020

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button