Deploying Network VirusWall Enforcer
3-5
Identify segments of your network to protect by considering which kinds of endpoints
may introduce security risks or violate security policies. Also, consider the location of
resources that are critical to your organization, such as:
•
Remote endpoints that access your internal network resources
•
Guest endpoints that temporarily connect to your network
•
Key network segments/important network assets, such as places on the network
that contain email, Web, or application servers
Remote Access Endpoints
Remote endpoints access internal network resources in the same manner as the
endpoints already on your network and comprise essentially another internal network
segment. You must consider whether to protect remote endpoints as you do internal
endpoints.
You can consider two types of remote endpoints:
•
Dialup/VPN users
—telecommuters who typically dial up or use VPN to connect
to your network
•
External business units
—offices located outside the main network site that need
access to resources on the main network
A home user could establish a dialup connection or a VPN connection to access a
company’s internal network resources. Most likely, business units would establish a VPN
connection.
F
IGURE
3-1.
Dialup service deployment scenario
RAS server
Dialup endpoint
Public switched
telephone network
To the LAN