Network Architecture: Understanding the Basics

Setting up a corporate office is not a one-and-done task by any means. You don’t just plug in everyone’s new computer, give each of your employees the login information and call it a day. There are insightful strategies to follow ranging from the physical placement of each computer to how each component of your network is configured. This notion is called network architecture and it is essential that every corporation with confidential information to protect has a strong one.

When you review your network architecture, it can be broken down into 4 specific areas: network design/layout, firewalls, servers and workstations. In this article, our team of IT professionals in NJ will go over what you need to know about these 4 principles in order to enforce the internet security and operations of your company.

  1. Network architecture is the design and layout of the network. In the most basic form, a network is a collection of computers (workstations, servers) and other devices that are connected with cable (ethernet, fiber optic) or Wifi. 

Let’s say your company has publicly available servers, such as a web server, that you want the public to have access to. This would be so potential customers can see your products and services offered. If you place the web server on the internal network segment with other servers that contain confidential information, then you have just destroyed your network security. The larger the corporate operations or the more dispersed the locations, the more segmenting should be considered. If the network is not segmented, ransomware and hackers would be able to gain access to the entire network and encrypt or unlawfully access data. If your network is segmented correctly, the ransomware or hacker will be contained. Whether you have an active threat or not, it is crucial to have a network security and IT professional review your network architecture for design weaknesses and vulnerabilities.

  2. Firewalls, in effect, act as a security guard that we give rules to. If a computer attempts to access our internal network, the firewall enforces the rules we configured in it. If we configure rules that create weaknesses or vulnerabilities, then the security of our network and all of its resources will suffer. It’s essential to have your IT team review the rules on the firewall to make sure they enhance security and do not detract from it.

    The firewall is used to create network segments and enforce the rules and resources placed on each of the network segments. For example, a firewall typically has four or more ports, which can be used to create the external interface (internet), internal network segment (employees), DMZ (publicly accessible servers), and a service network segment for an intranet server (employee resource for multiple office locations).
  3. Servers are computers that perform specific functions or act as a shared resource. Some servers run applications which the company and its employees rely on, or servers may be set up as a shared resource for secure file storage and sharing.

    Because servers are often the target of ransomware and hackers, they should be located on a secured network segment. Their local configuration settings should be set at the most secure, which we often find is not the case with many of the clients NSGi works with. When determining server configuration, one key strategy to keep in mind is that if a server performs a function on the network that employees don’t need access to, then employees should not be able to get to that server AT ALL. For example, the backup server backs up other servers and devices. There’s no need for employees to access this backup server, so the Active Directory configurations should prevent access to that device.
  4. Workstations are the computers used by employees, including desktop or laptop computers. They are much different than servers and play a distinct role in a network environment. These computers are used by employees to access the Internet, send and receive emails, create or modify documents, and access shared resources such as application and file servers.

    The proper configuration of each workstation can help reduce, contain, or even prevent a security incident from occurring. For example, when an employee clicks on an attachment that they should not have clicked on, a malware application may launch, encrypting data on the local hard drive and all accessible shared resources. If a user has access to an M drive, an R drive and an X drive, all of the files located on the shared resources would be in jeopardy! One major way to prevent this is to have an IT expert assess and modify the User Control settings for each workstation to ensure the configurations are secure. 
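
Part of the firewall rule review described in items 2 and 3 can be automated. The Python check below is an added example, not part of the original article or NSGi's tooling: it evaluates an ordered, first-match rule list against the segments named above and reports any forbidden flow that is still allowed. The zone names, ports, rules and the separate "backup" segment are constructed assumptions.

```python
# Added example: audit an ordered, first-match firewall rule list against the
# segmentation described above. Zones, ports and rules are constructed.
ANY = "any"

# Flows that must never be allowed. The "backup" zone is an assumption.
FORBIDDEN = [
    ("external", "internal"),  # internet must not reach employee workstations
    ("external", "backup"),
    ("dmz", "internal"),       # a compromised public server stays contained
    ("dmz", "backup"),
    ("internal", "backup"),    # employees never need the backup server
]

def decide(rules, src, dst, port):
    """Return (action, index) of the first matching rule; default is deny."""
    for i, (r_src, r_dst, r_port, action) in enumerate(rules):
        if r_src in (ANY, src) and r_dst in (ANY, dst) and r_port in (ANY, port):
            return action, i
    return "deny", None

def audit(rules):
    """Return (src, dst, port, rule_index) for each forbidden flow allowed."""
    # Probe every port named in a rule, plus 0 as a stand-in for "any other".
    ports = sorted({r[2] for r in rules if r[2] != ANY}) + [0]
    findings = []
    for src, dst in FORBIDDEN:
        for port in ports:
            action, idx = decide(rules, src, dst, port)
            if action == "allow":
                findings.append((src, dst, port, idx))
    return findings

WEAK_RULES = [
    ("external", "dmz", 443, "allow"),     # public web server
    ("internal", ANY, ANY, "allow"),       # broad rule: employees go anywhere
    ("internal", "backup", ANY, "deny"),   # intended block, shadowed by rule 1
    ("dmz", "internal", 1433, "allow"),    # DMZ host reaches the internal segment
]
FIXED_RULES = [
    ("external", "dmz", 443, "allow"),
    ("internal", "backup", ANY, "deny"),   # specific deny before the broad allow
    ("internal", ANY, ANY, "allow"),
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("fixed", FIXED_RULES)):
        print(name, audit(rules))
```

In the weak rule list the deny for the backup segment never takes effect because a broader allow rule precedes it, which is the kind of ordering mistake a rule review is meant to catch.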

Assess Network Architecture with Professional IT Technicians in NJ 

We have provided you with a general baseline for network architecture that every company should have. But this list does not reflect the intricate ins and outs of network architecture that all companies must have. If your organization is expanding to another corporate office location, it’s important to have an IT team evaluate your current network architecture and ensure the new locations and configurations for servers, firewalls and workstations are as secure as possible. This is especially important if you have employees who need to access sensitive data safely when they are working away from the office.  

If you need help assessing and making amendments to your network infrastructure, please give the IT technicians at NSGI a call today or visit us at:


*This article includes excerpts from “Pocket Guide for Investigating Ransomware and Network Intrusions” written by John Lucich, the Founder and CEO of Network Security Group, Inc and eForensix

