Security Domains and Strategies Essay


  • University/College:
    University of California

  • Type of paper: Thesis/Dissertation Chapter

  • Words: 855

  • Pages: 3

Security Domains and Strategies

This report gives a brief description of the general security solutions planned for the safety of data and information that belongs to the organization. The outline will provide elements of a multi-layered security plan, and will indicate a general security solution for each of the seven domains of a typical IT infrastructure. I will also describe a layer of security for each of the seven domains.

First, a multi-layered security plan

When designing a layered security solution for an IT infrastructure, the more layers or compartments that block or protect private data and intellectual property, the more difficult that data is to find and steal.

Now the Seven Domains of a Typical IT Infrastructure

The User Domain – Defines the people who access an organization’s information system. The User Domain is where you will find an acceptable use policy (AUP). An AUP defines what users are allowed to do with organization-owned IT assets. It’s like a rulebook that employees must follow. This is the first layer of security. The User Domain is the weakest link in an IT infrastructure for multiple reasons, one of which is the lack of user awareness. A security solution includes conducting security awareness training, displaying security awareness posters, inserting reminders in banner greetings, and sending e-mail reminders to employees.

The Workstation Domain – Where most users connect to the infrastructure. A workstation can be a desktop computer, laptop computer, or any other device that connects to the network. This is where you will find hardening systems. Hardening a system is the process of ensuring that controls are in place to handle any known threats. Hardening activities include ensuring that all computers have the latest software revisions, security patches, and system configurations. The Workstation Domain requires tight security and access controls. This is where users first access systems, applications, and data. An example would be unauthorized access to workstations. A security solution is to enable password protection on workstations for access, and enable auto screen lockout for inactive times.

The LAN Domain – A collection of computers connected to one another or to a common connection. A layer of security for the LAN Domain is second-level authentication. Second-level proof is like a gate where the user must confirm who they are a second time. The LAN Domain also needs strong security and access controls. Users can access company-wide systems, applications, and data from the LAN Domain. A security solution for unauthorized access to the LAN is to make sure wiring closets, data centers, and computer rooms are secure. Do not allow anyone access without proper ID.

The LAN-to-WAN Domain – Where the IT infrastructure links to a wide area network and the internet. The security appliances must be logically configured to adhere to policy definitions. This maximizes availability, ensures data integrity, and maintains confidentiality. This domain needs strict security controls given the risks and threats of connecting to the internet. This domain is where all data travels into and out of the IT infrastructure. A security solution for unauthorized access through the LAN-to-WAN Domain is to apply strict security monitoring controls for intrusion detection and prevention.

The WAN Domain – Connects remote locations. A level of security is the IP stateful firewall, a security appliance that is used to filter IP packets and block unwanted IP, TCP, and UDP packet types from entering and leaving the network. Some organizations use the public internet as their WAN infrastructure. While it is cheaper, the internet does not guarantee delivery or security. A security solution for maintaining high WAN service availability is to obtain WAN service availability SLAs. Deploy redundant internet and WAN connections when 100 percent availability is required.

The Remote Access Domain – Connects remote users to the organization’s IT infrastructure. Remote access is critical for staff members who work in the field or from home. This domain is where you find the authentication server, a server that performs second-level authentication to verify users seeking remote access. Remote access is dangerous yet necessary for mobile workers. A security solution for brute force user ID and password attacks is to establish user ID and password policies requiring periodic changes. Passwords must be used, passwords must have more than eight characters, and users must incorporate numbers and letters.

The System/Application Domain – Holds all the mission-critical systems, applications, and data. A layer of security for the System/Application Domain is testing and quality assurance. Apply sound software testing, penetration testing, and quality assurance to fill security gaps and software weaknesses. This domain is where the organization’s data is. This data is like treasure. A security solution for unauthorized access to data centers, computer rooms, and wiring closets is to apply policies, standards, procedures, and guidelines for staff and visitors to secure facilities.


Security Domains and Strategies Essay


  • University/College:
    University of California

  • Type of paper: Thesis/Dissertation Chapter

  • Words: 1578

  • Pages: 6

Security Domains and Strategies

Part 1: Multi-Layered Security Plan
Security is a fundamental aspect of any network infrastructure. The goal is to always have the most up-to-date programs and protocols to ensure the protection of the network. No aspect is too small to overlook; that could mean the difference between a secure network and a compromised network. The best way to achieve this is to break down every level, approach each one as a separate entity, and secure it. Then you can modify it to suit the needs of your network.

We can start with the Application layer. The Application layer provides the interface to the user. First, the end user should be subjected to a background check to ensure against any potential malicious or questionable acts in the user’s past. Then the end user should be properly trained in the use of the computer and the proper protocols to access the network. Updates should be made frequently to keep the user up to date. When the user is in the network, make sure that any unnecessary devices, USB ports and any back doors are disabled. You also want to make sure that all files, emails and downloadable attachments are thoroughly scanned prior to downloading. Finally, be sure to apply content filtering, and restrict the end user to only what pertains to their primary function.

The Presentation layer is responsible for encoding and decoding data that is passed from the application layer to another station on the internetwork. You must first ensure that all USB ports are disabled, as well as CD and DVD drives. This helps to prevent any unauthorized uploads or downloads. Make sure that any devices that are not pertinent to the user are disabled as well. To prevent any downloads, use filtering and antivirus scanning. Make sure that any external devices are not used unless proper authorization is obtained. Update all software regularly and enable password protection and screen lockout when the computer is inactive.

The Session layer is responsible for creating, managing and terminating sessions that are used by entities at the presentation layer. First you must secure the physical part by making sure that your closets are secure under lock and key and video monitored as well. Make sure that you have an access list of personnel authorized into the closet and keep a log of all who access the closets. Use the highest key possible for all wireless access points. Finally, make sure that all the workstations are individually encrypted as well. You could use two forms of authorization at the user’s workstation.

The Transport layer implements reliable internetwork data transport services that are transparent to upper-layer protocols. First you want to disable ping, probing and port scanning on all the IP devices in the LAN to WAN; this helps prevent phishing and trolling for open ports or any vulnerabilities in the network. You also need to make sure you disable all IP port numbers and monitor with intrusion detection and intrusion prevention systems. You should also monitor all of the inbound traffic for any questionable items and apply file transfer monitoring, scanning, and alarming for unknown files. Finally, you should continuously check for vulnerabilities and fix them when they are found, and ensure domain name content filtering is used to keep users on task.

The Network layer defines routing services that allow multiple data links to be combined into an internetwork. You should first restrict using the internet for private communications, and set permissions to deny any social or streaming web sites or pages. Then put firewalls in place and apply an Acceptable Use Policy in accordance with RFC 1087: Ethics and the Internet. Then get your ISP to put the proper filters on its IP router interfaces. Finally, you should back up all data in an offline, off-site location. Be sure to scan all email attachments for possible threats to the network.

The Data Link layer provides reliable transit of data across a physical network link. The Data Link layer also defines the physical network-addressing scheme, such as the MAC Address on network interface cards in a workstation connected to a LAN. First you should encrypt all confidential data transmissions through the service provider. You should also make sure that your access control lists are enabled and implement continuous SNMP alarms and security monitoring.

The Physical layer defines the parameters necessary to build, maintain, and break the physical link connections. First set automatic blocking for attempted logon retries; this will help against dictionary attacks. You could also apply first-level and secondary-level security for remote access to sensitive systems. Be sure to encrypt all private data within the database or hard drive. Finally, apply real-time lockout procedures if a token is lost or a device is compromised.

Part 2: Student SSCP Domain Research Paper
This is a multi-layered security plan. First, assign people that are fully trained and/or provide the training that makes it possible to do the job. To prevent malicious software and similar threats in the 7 domains of an IT infrastructure, you can isolate and install preventions for each domain. The domains are as follows: User Domain, Workstation Domain, LAN Domain, LAN to WAN Domain, Remote Access Domain, WAN Domain, and the System/Application Domain.

The first part of the IT infrastructure is the User Domain. It is the weakest link in the IT infrastructure and this is where the users connect to the system. You can make the user aware of the risks and threats that they are susceptible to by holding an Awareness Training session. The system is password protected; however, you should change passwords every few months to prevent an attack. Also, log the users as they enter and exit the system to make sure there’s no unauthorized access. While it’s the company’s choice to allow employees to bring in USB/removable drives, there is a threat of someone obtaining the wrong information, or getting malicious software into the system. If you allow the USB/removable drives, have a virus scan run every time someone inserts one into a company computer.

In a Workstation Domain, you need to make sure virus protection is set up. You are protecting administrative, workstations, laptops, departmental workstations and servers, network and operating system software. You can enable password protection and auto screen lockout for inactive times, use workstation antivirus and malicious code policies, use content filtering and antivirus scanning at internet entry and exit, and update application software and security patches according to the policies and standards. You also need to make sure that the laptops are up to date on the antivirus software.

The LAN Domain will have all the protocols for the users to make sure that they are authorized to access those areas. Make sure that the server rooms are locked and wireless access points are password protected. A LAN to WAN Domain is where the IT infrastructure links to a wide area network and the internet. To prevent any problems, make sure you apply strict security monitoring controls for intrusion detection, apply file transfer monitoring, disable ping, probing and port scanning on all exterior IP devices within this domain, and have an alert system for when someone plugs in a removable media disk (since they are not allowed). If a problem occurs, fix it fully to make sure it doesn’t happen again.

In a WAN Domain, make sure to implement encryption and acceptable use policies. Scan all email attachments and prohibit the use of the internet for private communication (if possible). Make sure security policies are being followed and every employee is in compliance and signs an acceptable use policy. You can allow access to the mainframe only from the job site or on an acceptable laptop.

For the Remote Access Domain, you need to focus on password attempts and encryption. First, you need to apply a user ID and password. Then, limit the number of times that a user can enter his or her password before it locks out. Also, apply time lockout procedures on confidential data and make sure you encrypt it as well. Make sure you have qualified people doing their jobs correctly since they will have remote access to other people’s computers.
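The following is an added example, not part of either essay: it sketches the attempt limit and time lockout described above for the Remote Access Domain, together with the first essay's password rules (more than eight characters, letters and numbers, periodic changes). The thresholds and all function and class names are assumptions, since neither essay gives numbers.

```python
from dataclasses import dataclass, field

# Assumed values: the essays name the controls but give no thresholds.
MAX_FAILURES = 5            # failed attempts before the account locks
WINDOW_SECONDS = 900        # failures are counted within this window
LOCKOUT_SECONDS = 1800      # how long a locked account stays locked
MAX_PASSWORD_AGE_DAYS = 90  # "periodic changes"


def password_policy_violations(password, age_days):
    """Return which of the first essay's password rules are broken."""
    problems = []
    if len(password) <= 8:               # "more than eight characters"
        problems.append("length")
    if not any(c.isalpha() for c in password):
        problems.append("no-letter")
    if not any(c.isdigit() for c in password):
        problems.append("no-digit")
    if age_days > MAX_PASSWORD_AGE_DAYS:
        problems.append("expired")
    return problems


@dataclass
class LockoutTracker:
    failures: dict = field(default_factory=dict)      # user -> failure times
    locked_until: dict = field(default_factory=dict)  # user -> unlock time

    def attempt(self, user, now, password_ok):
        """Return 'locked', 'denied' or 'granted' for one login attempt."""
        if now < self.locked_until.get(user, 0):
            return "locked"  # refuse even a correct password while locked
        if password_ok:
            self.failures.pop(user, None)  # success clears the counter
            return "granted"
        recent = [t for t in self.failures.get(user, [])
                  if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.failures.pop(user, None)
            return "locked"
        return "denied"


def replay(events):
    """Run constructed (time, user, password_ok) events through one tracker."""
    tracker = LockoutTracker()
    return [tracker.attempt(user, t, ok) for t, user, ok in events]
```

The case worth noting is the correct password arriving during the lockout period: it is still refused, which is what makes the control effective against a guess that happens to succeed late in a brute force run.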

The System/Application Domain holds all the mission-critical systems, such as operating system software, applications, and data. To prevent any virus, malware, or unauthorized access into your system, apply a code of ethics, and implement daily backups. Also, apply policies, standards, and guidelines for all employees who enter and exit the building, and make sure all server rooms are secure and that only the people that have access to them are entering them.

In conclusion, encryption is a big part of domain security, along with firewalls and doing virus and malware scans. As long as you cover the major aspects and security measures listed in this document, that will be a big plus for your company.
