* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Separate Domains of IT Infrastructure
Survey
Document related concepts
Deep packet inspection wikipedia , lookup
Cross-site scripting wikipedia , lookup
Trusted Computing wikipedia , lookup
Computer and network surveillance wikipedia , lookup
Distributed firewall wikipedia , lookup
Access control wikipedia , lookup
Computer security wikipedia , lookup
Wireless security wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Security and safety features new to Windows Vista wikipedia , lookup
Certificate authority wikipedia , lookup
Unix security wikipedia , lookup
Transcript
Separate Domains of IT Infrastructure CS5493 7 Domains of IT 1. User Domain 2.Workstation Domain 3.LAN Domain 4.LAN to WAN Domain 5.WAN Domain 6.Remote Access 7.System Application Domain Logical Grouping of IT Domains ● User/Workstation ● Network ● LAN ● LAN-WAN interface ● WAN ● Remote (Brave new world) ● System/Application User Domain ● The subjects: ● The people using the system. ● This is the domain of the AUP The AUP • Acceptable usage policy – a contract between the system owner and system user outlining the acceptable usage parameters of the computing system. User Domain ● Threats/Vulnerabilities – Lack of user awareness – User apathy toward policies – Security policy violations – Disgruntled employee attacks – Social engineering attacks – Etc Mitigation strategies … User Domain …Mitigation Strategies User awareness training Accountability through an AUP Implement personnel access controls Workstation Domain ● Usually refers to the computer on your desk or workspace. – This includes the staff supporting the workstations – The AUP is a key document for this domain Workstation Domain ● Risks/threats/vulnerabilities – Unauthorized access – Malware – Social engineering attacks – Etc. Mitigation strategies… Workstation Domain …Mitigation Strategies User awareness training logging anti-malware Accountability through an AUP Network Service Domain ● For the purpose of this course, we will combine the domains for LAN, LAN-to-WAN, and WAN into the Network Service Domain Network Service Domain ● ● Includes the equipment, cables, the wireless access, etc. Key document is the SLA SLA: Service Level Agreement • An agreement between the system provider and system user. Outlines provider responsibilities and defines realistic expectations to the users. Network Service Domain ● Threats/Vulnerabilities/ – Unauthorized access, physical or otherwise – Malware attacks – Hardware vulnerabilities – Support staff threats/vulnerabilities – Misuse of network resource by users – Clear-text (unencrypted) data traffic – DoS – Wireless attacks Network Service Domain …Mitigation Strategies IDS – intrusion detection system, like SNORT. IPS – intrusion prevention system, like a firewall Network Service Domain …Mitigation Strategies drop malicious packets, reset connection, block traffic from offending IP addresses, etc. set up a DMZ, … Remote Access Domain ● Accessing the computing services from outside the boundary of the computing system. – Smart phones – Laptop computers – PDAs – Remote E-mail usage – Wireless access – Access to cloud resources – Social media access Remote Access Domain • The AUP is the governing document Remote Access Domain ● threat/vulnerability – Theft or loss of electronic devices – Theft or loss of data – Unauthorized access (shoulder surfers) – Clear-text data transfer – Poor security on personal devices. – Reliability of cloud services Remote Domain …Mitigation Strategies User awareness training Accountability through an AUP reliable authentication (MFA?) Data Encryption, etc System/Application Domain ● The critical infrastructure of server systems, applications, and data. – Payroll – Accounting, purchasing, billing – Sales – Intellectual property, etc. – Proprietary technology – Personal information System/Application Domain ● Threat/vulnerability – Unauthorized access – Hardware failure – Data loss – Malware – Failure to keep systems and software up-to-date. – Social engineering attacks – etc System/Applications Domain …Mitigation Strategies Awareness training Backup/RAID Physical security, Logging, Data/system integrity monitor Disaster recovery plan etc System/Application Domain • The governing document is the SLA. Domain Group Assignments ● User/Workstation Green Group ● Network Blue Group ● Remote Red Group ● System/Application Gold Group