THE SEVEN DOMAINS OF A TYPICAL IT INFRASTRUCTURE
1. User Domain defines the people who access an organization’s information system.
2. Workstation Domain is where most users connect to the IT infrastructure. A workstation can be a desktop computer or any other device that connects to your network.
3. Local Area Network (LAN) Domain is a collection of computers connected to one another or to a common connection medium. Network connection media can include wires, fiber optic cables, or radio waves.
4. LAN-to-WAN Domain is where the IT infrastructure links to a wide area network and the Internet.
• Basically, a firewall controls, prevents, and monitors incoming and outgoing network access. It is the job of the firewall to prevent unauthorized network access, both from outside and inside network users. Depending on the type of firewall, data packets sent to and from the network pass through the firewall, and all this ...
5. Wide Area Network (WAN) Domain connects remote locations. WAN services can include dedicated Internet access and managed services for customers' routers and firewalls. Networks, routers, and equipment require continuous monitoring and management to keep WAN service available.
6. Remote Access Domain connects remote users to the organization’s IT infrastructure. The scope of this domain is limited to remote access via the Internet and IP communications. The logical configuration of the Remote Access Domain requires IP network engineering and VPN solutions.
7. System/Application Domain holds all the mission-critical systems, applications, and data.
Information Security Plan
To protect national security and business information, confidentiality, integrity, and availability must be considered. First, confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. This level of confidentiality should prevail while data resides on systems and devices within the network, as it is transmitted, and once it reaches its destination. The following should be considered: encrypting data as it is stored and transmitted, using network padding, implementing strict access control mechanisms and data classification, and training personnel on proper procedures. Second, integrity of data is protected when assurance of the accuracy and reliability of information and systems is provided and unauthorized modification is prevented. The following should be considered: strict access control, intrusion detection, and hashing. Lastly, availability ensures reliable and timely access to data and resources for authorized individuals. The following should be considered: maintaining backups to replace the failed system, an IDS to monitor network traffic and host system activities, and use of certain firewall and router configurations.