1. Firewalls
    1. Firewalls divide networks into security zones. Place firewalls at the network edge to enforce the network security boundary.
    2. Firewalls enforce separation between networks. This includes:
      1. Endpoints
      2. Wireless Networks
      3. Guest Networks
      4. Data Center Networks
    3. The exact placement of firewalls will depend upon your organization's security and business requirements.
  2. Event Monitoring
    1. Port Mirroring (SPAN)
      1. Switched Port Analyzer (SPAN). A method used to provide a copy of traffic that crosses the switch.
      2. Mirrored ports can be configured to detect:
        1. Ingress (Rx) Traffic
        2. Egress (Tx) Traffic
        3. Both Ingress (Rx) and Egress (Tx) Traffic
      3. Mirrored ports can detect traffic for:
        1. a single port
        2. multiple ports
        3. a particular VLAN
      4. SPAN can be configured:
        1. Locally
        2. Remotely
      5. Proper SPAN configuration is key to getting the results you're after.
    2. SIEM Systems
      1. Security Information and Event Management (SIEM) systems consist of:
        1. Collectors:
          1. A network of devices designed to gather information from other systems. Collectors gather this information from network sensors.
          2. Network Sensors: sensors placed on network segments that are designed to collect information for specific systems.
          3. Collectors should be placed in network locations that minimize the path distance between them and the network sensors sending them information.
        2. Correlation Engine:
          1. Pulls together the information from those collectors for analysis.
          2. The correlation engine is a sensitive security device, and should be placed on a protected network where it is accessible only to authorized administrators.
  3. Proxy Servers
    1. A server used to protect internal users from malicious Internet content.
    2. Proxy servers are often placed in the DMZ network. This limits the amount of outbound network traffic from the internal network, adding a layer of isolation to your trusted network.
  4. VPN Concentrators
    1. VPN concentrators are hardware devices used to aggregate inbound VPN connections from employees and other users who require remote access.
    2. A common network approach for placing VPN concentrators is to place them on their own VLAN.
    3. Access controls should also be configured to limit the access granted to systems.
  5. SSL Accelerators & Load Balancers
    1. SSL accelerators and load balancers are devices designed to boost the performance of services that you provide to the outside world at scale.
    2. SSL Accelerators
      1. SSL accelerators handle the tough cryptographic work of setting up a TLS connection on behalf of a web server, allowing the web server to focus on delivering web content.
    3. Load Balancers
      1. Load balancers allocate the load of inbound user requests among a pool of servers, allowing the organization to scale a service quickly by adding additional servers.
    4. Both SSL accelerators and load balancers normally reside in the DMZ where they are close to the servers that they assist.
  6. DDoS Mitigation Technology
    1. DDoS mitigation technology uses a variety of tools and techniques to block DDoS attacks from entering the organization's network and to minimize the impact they have on legitimate network use.
    2. You want to place DDoS mitigation technology as close to the internet connection as possible to block the unwanted traffic from entering deeper into your network.
    3. Ideally, to prevent a DDoS attack before it even reaches your network, you can purchase DDoS mitigation services from one of these providers:
      1. directly from your internet service provider
      2. from a third-party cloud service
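
An added example for the Port Mirroring (SPAN) item above, not part of the original notes: a switch configuration that exercises each option listed there (Rx, Tx or both; a single port, multiple ports or a VLAN; local or remote). Cisco Catalyst IOS syntax is assumed, and the session numbers, interface names and VLAN IDs are constructed placeholders.

```cisco
! Constructed example: Cisco Catalyst IOS syntax assumed; session numbers,
! interface names and VLAN IDs are placeholders.

! --- Local SPAN: sources and destination on the same switch ---
! Single source port, ingress (Rx) traffic only
monitor session 1 source interface GigabitEthernet1/0/1 rx
! Multiple source ports, both ingress (Rx) and egress (Tx)
monitor session 1 source interface GigabitEthernet1/0/2 - 4 both
! The mirrored copy leaves on the port where the network sensor is attached
monitor session 1 destination interface GigabitEthernet1/0/24

! --- Local SPAN: a particular VLAN as the source ---
monitor session 2 source vlan 10 rx
monitor session 2 destination interface GigabitEthernet1/0/23

! --- Remote SPAN (RSPAN): the sensor sits on a different switch ---
! Define the RSPAN VLAN on each switch that carries the mirrored traffic
vlan 999
 remote-span
! Source switch: egress (Tx) traffic of one port is sent into the RSPAN VLAN
monitor session 3 source interface GigabitEthernet1/0/5 tx
monitor session 3 destination remote vlan 999
! Destination switch: the RSPAN VLAN is delivered to the sensor port
monitor session 1 source remote vlan 999
monitor session 1 destination interface GigabitEthernet1/0/24

! Confirm which sources, directions and destinations are actually active
show monitor session all
```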