University of California
Type of paper: Thesis/Dissertation Chapter
Security Domains and Strategies
This report gives a brief description the general security solutions planned for the safety of data and information that belongs to the organization. The outline will provide elements of a multi-layered security plan, and will indicate a general security solution for each of the seven domains of a typical IT infrastructure. Also I will describe a layer of security for each of the seven domains.
First a multi-layered security plan
When designing a layered security solution for an IT infrastructure. The more layers or compartments that block or protect private data and intellectual property, the more difficult it is to find and steal.
Now the Seven Domains of a Typical IT Infrastructure
The User Domain – Defines the people who access an organization’s information system. The User Domain is where you will find an acceptable use policy(AUP). An AUP defines what users are allowed to do with organization-owned IT assets. It’s like a rulebook that employees must follow. This is the first layer of security The User Domain is the weakest link in an IT infrastructure for multiple reasons, one of which being The Lack of User Awareness. A security solution includes conducting security awareness training, display security awareness posters, insert reminders in banner greetings, and send e-mail reminders to employees. The Workstation Domain – Where most users connect to the infrastructure. A workstation can be a desktop computer, laptop computer, or any other device that connects to the network. This is where you will find hardening systems. Hardening a system is the process of ensuring that controls are in place to handle any known threats.
Hardening activities include ensuring that all computers have the latest software revisions, security patches, and system configurations. The workstation domain requires tight security and access controls. This is where users first access systems, applications, and data. An example would be unauthorized access to workstations. A security solution is to enable password protection on workstations for access, and enable auto screen lockout for inactive times. The LAN Domain – A collection of computers connected to one another or to a common connection. A layer of security for the LAN domain is Second-level authentication. Second-level proof is like a gate where the user must confirm who they are a second time. The LAN domain also needs strong security and access controls. Users can access company wide systems, applications, and data from the LAN domain. A security solution for unauthorized access to the LAN is to make sure wiring closets, data centers, and computer rooms are secure. Do not allow anyone access without proper ID. The LAN – to – WAN Domain – Where the IT infrastructure links to a wide area network and the internet.
The security appliances must be logically configured to adhere to policy definitions. This will get the most out of availability, ensure data integrity, and maintain confidentiality. This domain needs strict security controls given the risks and threats of connecting to the internet. This domain is where all data travels into and out of the IT infrastructure. A security solution for unauthorized access through the LAN-to-WAN domain is to apply strict security monitoring controls for intrusion detection and prevention.
The WAN Domain – Connects remote locations
A level of security is the IP stateful firewall a security appliance that is used to filter IP packets and block unwanted IP, TCP, and UDP packet types from entering and leaving the network. Some organizations use the public internet as their WAN infrastructure. While it is cheaper, the internet does not guarantee delivery or security. A security solution for maintaining high WAN service availability is to obtain WAN service availability SLA’s. Deploy redundant internet and WAN connections when 100 percent availability is required. The Remote Access Domain- connects remote users to the organization’s IT infrastructure. Remote access is critical for staff members who work in the field or from home. This domain is where you find authentication server. A server that performs a second level authentication to verify users seeking remote access.
Remote access is dangerous yet necessary for mobile workers. A security solution for brute force user ID and password attacks is to establish user ID and password policies requiring periodic changes. Passwords must be used, Passwords must have more than eight characters, and users must incorporate numbers and letters. The System/Application Domain – Holds all the mission critical systems, applications, and data. A layer of security for the system/application domain is testing and quality assurance. Apply sound software testing, penetration testing, and quality assurance to fill security gaps and software weaknesses. This domain is where the organization’s data is. This data is like treasure. And a security solution for unauthorized access to data centers, computer rooms, and wiring closets is to apply policies, standards, procedures, and guidelines for staff and visitors to secure facilities.