At the beginning of any secure network design project, many best practices apply more or less uniformly to all areas of the design.
This article by Sean Convery presents these practices in a single location.
Topics such as disaster recovery, site selection, and so on are not discussed at all.
Chapter 1, "Network Security Axioms," presented the security axioms; this chapter translates them into actionable guidance for secure network design.
One common security truism is "Once you have physical access to a box, all bets are off." This is a good beginning assumption for this section.
If an attacker has physical access to a computer, router, switch, firewall, or other device, your security options are amazingly limited.
Networking devices, with few exceptions, can have their passwords reset by attaching to their console port.
Many things difficult to design prove easy to performance.
Samuel Johnson, Rasselas: The History of Rasselas, Prince of Abissinia, 1759

A good scientist is a person with original ideas.