skip to Main Content


The boundaries of your IT landscape are hard to define, and harder to control. Admins, engineers, employees, contractors, business partners and clients all need to be able to access parts of your network, and all those parts are connected.

If those connections are not secure, cyber criminals and hostile insiders can exploit them, taking advantage of low security in one part of your network to access sensitive information stored in another. Network security architecture best practices help control access to your IT infrastructure, reducing the risks of breaches and limiting how much damage a successful attacker can do. Here are three specific best practices that can help keep your network safe:

1. Segment your network. Proper network segmentation has long been a foundation of network security architecture best practices. In this past this was primarily accomplished by layering physical hardware with Access Control List (ACL) policies. ACLs restrict what traffic can pass, allowing you to define rules based on the needs of a part of the network. Web servers can be given less restrictive controls allowing external access, while proprietary data can be governed by more restrictive rules.

Current network security architecture best practices require organizations to supplement ACLs with technologies such as virtual routing to help protect the network from dangerous traffic. Virtual routing has multiple sets of data routing rules, allowing the network to separate different types of traffic. If there’s traffic that might pose a threat to security or stability, a virtual router can contain it within one part of the network without affecting the rest. For cloud and hosting providers like Symmetry, virtual routings helps keep client landscapes in their own secure containers throughout the entire cloud stack.

2. Harden your network. Hackers often scan networks, looking for vulnerabilities. Neglected and unused services and devices may be poorly secured and monitored, providing a backdoor for unauthorized users. Network security architecture best practices call for removing or disabling anything you don’t need, to reduce your network’s attack surface — the possible entry points a hacker could use to gain access.

Network hardening requires a systematic review of your network; the security team needs to spot everything from unnecessary modules and open ports, to poorly secured networked printers. An IT consulting servicespartner can help you make sure you’re not overlooking something.

3. Don’t assume you’re safe. Any good design has three basic steps: plan, implement and verify. The last stage is where most security initiatives fail, and network security is no exception. Most enterprises fail to regularly review risks and security measures, assuming they’re safe until they hear otherwise.

As your organization grows, your network becomes more complex, which increases the chance that a mistake could give hackers access. At the same time, your data becomes more valuable, making you a more attractive target.

It’s crucial to counter this increased risk with regular security and risk analysis. Symmetry’s security and compliance team can audit your network to design, implement and test a plan that meets network security architecture best practices, protecting you against current threats and anticipating future risks.

Network security architecture should be a fortress around your IT landscape. A well-designed network wards off most attackers, and make it easier to defend against the most determined ones. But like a fortress, your network needs guards to monitor its defenses. Symmetry can keep your IT landscape safe with 24/7/365 monitoring and incident response. Contact us to learn how we can help.

Randy Downey, Senior Cloud Architect

Randy Downey, Senior Cloud Architect

As the Senior Cloud Architect at Symmetry, Randy brings over 14 years of experience in Information Technology with focus in Virtualization, Public, Private and Hybrid Clouds, System Design and Implementation, Data Center Operations, and Desktop/Server Engineering. He also has extensive experience with VMware solutions at the enterprise level across multiple industries including Managed Hosting, Cloud Service Providers, Global Utilities, and Healthcare.