Professional Documents
Culture Documents
Policies
Principles and Practices
Need-to-know
Definition: Having a demonstrated and authorized
reason for being granted access to information
Should be made a part of the company’s culture
Should be incorporated in security training
curriculum
At the least protects the confidentiality of
corporate data, but may also protect integrity and
availability depending on the attack type
14
Infrastructure Access Controls
A network infrastructure is defined as an interconnected group of hosts
and devices. The infrastructure can be confined to one location or, as often
is the case, widely distributed, including branch locations and home offices.
Access to the infrastructure enables the use of its resources.
Infra structure access control Include physical and logical network design,
border devices, communication mechanisms, and host security settings
Network segmentation
The process of logically grouping network assets, resources, and applications to
have flexibility in implementing security controls.
Type of network segmentation
Enclave network – needs higher degree of protection
Trusted network – internal authorized users can use
Semi-trusted network, perimeter network, or DMZ – used through internet
Guest network – visitors use this
Untrusted network – outside our network- eg: internet
19
Content Filtering and
Whitelisting/Blacklisting
The filters can be supplemented by self-generated, open source, or
subscription-based IP whitelists and/or blacklists.
Whitelists are addresses (IP and/or Internet domain names) of
known “good” sites to which access should be allowed. Conversely,
blacklists are addresses (IP and/or Internet domain names) of
known “bad” sites to which access should be denied. It is common
practice to block entire ranges of IP addresses specific to
geographic regions.
Content-filtering applications can be used to restrict access by
content category (such as violence, gaming, shopping, or
pornography), time factors, application type, bandwidth use, and
media.