Download Separate Domains of IT Infrastructure

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
Document related concepts

Deep packet inspection wikipedia , lookup

Malware wikipedia , lookup

Cross-site scripting wikipedia , lookup

Trusted Computing wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Distributed firewall wikipedia , lookup

Access control wikipedia , lookup

Computer security wikipedia , lookup

Wireless security wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Security and safety features new to Windows Vista wikipedia , lookup

Certificate authority wikipedia , lookup

Unix security wikipedia , lookup

Mobile security wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript 
Separate Domains of IT
Infrastructure
CS5493
7 Domains of IT
1. User Domain
2.Workstation Domain
3.LAN Domain
4.LAN to WAN Domain
5.WAN Domain
6.Remote Access
7.System Application Domain
Logical Grouping of IT Domains
●
User/Workstation
●
Network
●
LAN
●
LAN-WAN interface
●
WAN
●
Remote (Brave new world)
●
System/Application
User Domain
●
The subjects:
●
The people using the system.
●
This is the domain of the AUP
The AUP
• Acceptable usage policy – a contract between
the system owner and system user outlining
the acceptable usage parameters of the
computing system.
User Domain
●
Threats/Vulnerabilities
–
Lack of user awareness
–
User apathy toward policies
–
Security policy violations
–
Disgruntled employee attacks
–
Social engineering attacks
–
Etc
Mitigation strategies …
User Domain
…Mitigation Strategies
User awareness training
Accountability through an AUP
Implement personnel access controls
Workstation Domain
●
Usually refers to the computer on your desk or
workspace.
–
This includes the staff supporting the workstations
–
The AUP is a key document for this domain
Workstation Domain
●
Risks/threats/vulnerabilities
–
Unauthorized access
–
Malware
–
Social engineering attacks
–
Etc.
Mitigation strategies…
Workstation Domain
…Mitigation Strategies
User awareness training
logging
anti-malware
Accountability through an AUP
Network Service Domain
●
For the purpose of this course, we will
combine the domains for LAN, LAN-to-WAN,
and WAN into the Network Service Domain
Network Service Domain
●
●
Includes the equipment, cables, the wireless
access, etc.
Key document is the SLA
SLA: Service Level Agreement
• An agreement between the system provider
and system user. Outlines provider
responsibilities and defines realistic
expectations to the users.
Network Service Domain
●
Threats/Vulnerabilities/
–
Unauthorized access, physical or otherwise
–
Malware attacks
–
Hardware vulnerabilities
–
Support staff threats/vulnerabilities
–
Misuse of network resource by users
–
Clear-text (unencrypted) data traffic
–
DoS
–
Wireless attacks
Network Service Domain
…Mitigation Strategies
IDS – intrusion detection system, like SNORT.
IPS – intrusion prevention system, like a
firewall
Network Service Domain
…Mitigation Strategies
drop malicious packets, reset connection, block
traffic from offending IP addresses, etc.
set up a DMZ, …
Remote Access Domain
●
Accessing the computing services from
outside the boundary of the computing system.
–
Smart phones
–
Laptop computers
–
PDAs
–
Remote E-mail usage
–
Wireless access
–
Access to cloud resources
–
Social media access
Remote Access Domain
• The AUP is the governing document
Remote Access Domain
●
threat/vulnerability
–
Theft or loss of electronic devices
–
Theft or loss of data
–
Unauthorized access (shoulder surfers)
–
Clear-text data transfer
–
Poor security on personal devices.
–
Reliability of cloud services
Remote Domain
…Mitigation Strategies
User awareness training
Accountability through an AUP
reliable authentication (MFA?)
Data Encryption, etc
System/Application Domain
●
The critical infrastructure of server systems,
applications, and data.
–
Payroll
–
Accounting, purchasing, billing
–
Sales
–
Intellectual property, etc.
–
Proprietary technology
–
Personal information
System/Application Domain
●
Threat/vulnerability
–
Unauthorized access
–
Hardware failure
–
Data loss
–
Malware
–
Failure to keep systems and software up-to-date.
–
Social engineering attacks
–
etc
System/Applications Domain
…Mitigation Strategies
Awareness training
Backup/RAID
Physical security,
Logging,
Data/system integrity monitor
Disaster recovery plan
etc
System/Application Domain
• The governing document is the SLA.
Domain Group Assignments
●
User/Workstation
Green Group
●
Network
Blue Group
●
Remote
Red Group
●
System/Application
Gold Group
Related documents
Acceptable Use Policies
Acceptable Use Policies
Business Web Page Design
Business Web Page Design
Today`s Topics
Today`s Topics
Systems Security
Systems Security
dos_nanog
dos_nanog
sector, data, information, financial and technical services and support
sector, data, information, financial and technical services and support
CLOUD FASTPATH ACCEPTABLE USE POLICY Tervela, Inc
CLOUD FASTPATH ACCEPTABLE USE POLICY Tervela, Inc
Document
Document
Drafting+Organisation+Security+Management+Policy (1)
Drafting+Organisation+Security+Management+Policy (1)
Why should students learn how to use the Internet?
Why should students learn how to use the Internet?
Dennis Anderson
Dennis Anderson
DAhuja
DAhuja
Acceptable Use Policy
Acceptable Use Policy
InfoSec Acceptable Use Policy. (nd). SANS Institute. Retrieved from
InfoSec Acceptable Use Policy. (nd). SANS Institute. Retrieved from