
SEVEN DOMAINS OF A TYPICAL IT INFRASTRUCTURE

AND THE SECURITY CONTROLS IN EACH DOMAIN

User Domain—This domain refers to actual users whether they are employees, consultants,
contractors, or other third-party users. Any user who accesses and uses the organization’s IT
infrastructure must review and sign an acceptable use policy (AUP) prior to being granted access
to the organization’s IT resources and infrastructure. This set of users must also agree to abide
by the organization-defined rules and regulations, as well as operate at different levels of trust with
the assigned privileges and permissions based on need to know.

Workstation Domain—This domain refers to the end user’s desktop devices such as a
desktop computer, laptop, VoIP telephone, printer, scanner and other endpoint devices.
Workstation devices typically require security countermeasures such as antivirus, antispyware,
and vulnerability and software patch management to maintain the integrity of the device.

LAN Domain—This domain refers to the physical and logical local area network (LAN)
technologies (e.g., 100 Mbps/1000 Mbps switched Ethernet, 802.11-family of wireless LAN
technologies) used to support workstation connectivity to the organization’s network
infrastructure. This domain requires security controls such as port security, AAA (Authentication,
Authorization and Accounting), and Layer 2 protections against MAC spoofing attacks, ARP
cache poisoning attacks, DHCP spoofing attacks, etc.

LAN-to-WAN Domain—This domain refers to the organization’s internetworking and
interconnectivity point between the LAN and the WAN network infrastructures. Routers,
firewalls, demilitarized zones (DMZs), intrusion detection systems (IDSs) and intrusion
prevention systems (IPSs) are commonly used as security monitoring devices in this domain.

Remote Access Domain—This domain refers to the authorized and authenticated remote
access procedures for users to remotely access the organization’s IT infrastructure, systems, and
data. Remote access solutions typically involve Secure Sockets Layer (SSL) 128-bit encrypted
remote browser access or encrypted virtual private network (VPN) tunnels for secure remote
communications.

WAN Domain—Organizations with remote locations require a WAN to interconnect them.
Organizations typically outsource WAN connectivity from service providers for end-to-end
connectivity and bandwidth. This domain typically includes routers, circuits, switches, firewalls,
and equivalent gear at remote locations sometimes under a managed service offering by the
service provider.

System/Application Domain—This domain refers to the hardware, operating system
software, database software, client/server applications, and data that is typically housed in the
organization’s data center and/or computer rooms. Good security controls that can be put in
place in this domain are encryption, physical access controls, application proxy, web application
firewall, etc.
