Unfortunately, one of the common mistakes in network design is the lack of sufficient understanding of how networks operate. This can lead to the application of misconceptions in their protection. Additionally, the integration of non-traditional IT assets such as smart door locks, refrigerators, and TVs introduces new challenges. Therefore, the adage “Know the system” is crucial for effective protection. After all, we cannot safeguard what we are unaware of.

Network design engineering can be distilled into three fundamental stages:

1. Conceptual Design: This stage involves outlining the high-level structure and requirements of the network. It addresses the network’s purpose, scope, and overall objectives, providing a blueprint for more detailed planning.
2. Logical Design: In this phase, the focus shifts to the functional aspects of the network. It involves defining the network architecture, including the layout of devices, IP addressing schemes, and the routing and switching protocols to be used.
3. Physical Design: The final stage is concerned with the actual implementation of the network. This includes the selection of hardware, the physical layout of cables and devices, and the installation and configuration of network components.

By adhering to these stages, network designers can ensure a comprehensive and effective approach to network architecture, facilitating robust security and efficient operation.

Conceptual design

The conceptual design phase is the initial step in network design, where the focus is on understanding the overarching goals and purposes of the network. It aims to provide a clear answer to the questions of why the network is being designed and what its primary objectives are. Networks are typically established to facilitate structured access to resources and enable their sharing in alignment with the goals and vision of the organization that owns them.

This design phase encompasses both the internal and external components of the system, including data flow, operating systems, servers, and critical core processing. It is important to note that the conceptual design is not concerned with technical details or system configurations. Instead, it outlines the resources and elements needed to build the network as a whole.

In some cases, the term “black box diagram” is used to characterize systems based on their functional effectiveness. This diagram provides a high-level view of the system’s inputs and outputs without delving into the specifics of how the system operates internally. By focusing on the big picture, the conceptual design lays the foundation for more detailed planning in the subsequent stages of network design.

 Logical design

The logical design phase in network design is a crucial step that follows the conceptual design. In this phase, the focus shifts to the technical architecture of the network, based on the organization’s engineering plan. This involves determining the placement of key network components such as servers, printers, routers, switches, and other devices that will be connected to the network.

The logical design is concerned with the technical specifications of all equipment and how they will interact within the network. This includes defining the network topology, IP addressing scheme, routing protocols, and other logical configurations that dictate how data will flow through the network.

During this stage, network designers create detailed diagrams and maps that illustrate the logical structure of the network. These diagrams typically include the layout of network devices, their connections, and the paths that data will take between devices.

By carefully planning the logical design, organizations can ensure that their network is optimized for efficiency, scalability, and security, meeting the specific needs and objectives outlined in the conceptual design phase.

 Physical design 

The physical design phase is the final stage in network design, where the focus shifts from theoretical planning to the practical aspects of building the network. This phase is crucial for transforming the conceptual and logical designs into a tangible network infrastructure. It is divided into two main sections:

1. Structural Section: This part involves revisiting the conceptual and logical designs to make any necessary adjustments based on the physical realities of the environment. It includes finalizing the placement of network devices, cabling paths, and other physical components. The structural section ensures that the network plan is feasible and optimized for the physical space in which it will be deployed.
2. Technical Section: This section is further divided into two perspectives:

• Software and Configuration: This perspective involves determining the versions of operating systems and applications that will be used on the network. It also includes selecting the software patches to be applied for security and performance purposes. Configuration hardening is another critical aspect, where security settings are tightened to protect against vulnerabilities.
• Risk Identification: The second perspective focuses on identifying potential risks to the network, particularly those related to outdated hardware and software. For example, in some industrial sectors, SCADA systems may still operate on older operating systems like Windows XP or Vista, which can pose significant security risks. It is essential to assess these risks and plan for mitigations or upgrades where necessary.

The physical design phase is a crucial step in ensuring that the network is not only technically sound but also practically implementable. It requires careful consideration of both the structural and technical aspects to create a robust and secure network infrastructure.

In the second perspective of the physical design phase, attention is given to the physical infrastructure of the network, with a focus on identifying and addressing physical vulnerabilities. This includes:

• Access Control: Ensuring that door locks between different departments of the organization are secure. This may involve the use of advanced authentication methods such as smart cards, fingerprint recognition, or retinal scans.
• Surveillance and Security Systems: Implementing security cameras and other surveillance systems to monitor critical areas of the network infrastructure.
• Protection Cabinets: Utilizing secure cabinets for housing network devices such as switches, routers, and servers to prevent unauthorized access or tampering.
• Server Protection Rooms: Designing secure rooms or data centers where servers and other critical network equipment are stored. These rooms should be equipped with appropriate environmental controls, fire suppression systems, and physical security measures.
• Cable Management: Ensuring that the pathways and distribution points for network cables are secure and protected from potential physical damage or interception.

Once the physical design is thoroughly reviewed and finalized, it is essential for the IT department and the Cybersecurity department to collaborate and coordinate closely to begin the implementation process. This cooperation ensures that both the technical and security aspects of the network are adequately addressed, leading to a robust and secure network infrastructure.