'The seven domains of a typical IT infrastructure\r'

' drug functionr †The User Domain is the critical backbone of our interlocking and we moldiness pay close attention to user activity and shape user behavior on our net. I list this as a high precedency due to the fact that it is the one that entrust approximately likely open up scourges on our net profit from file slewwardloading and surfing the web. My proposal for a beginning for this would be to restrict web browsing to but required users. This testament bothow us to steering our concentration on those users, monitoring for potential vane vulnerabilities.I also suggest we implement a primary election training course on the proper use of affectionate entropy and best common calculating machine practices. Workstation †The Workstation Domain is where we can focus our energy on maintaining a clean intercommunicate. We should do nightly anti-virus scans which exit base any found issues back to the IT Department. This pass on then take the IT Departm ent to track down the user responsible for soiling the profit and furnish us to pursue corrective action. local bea network †For the wired mickle of our network, I propose a few solutions that testament help secure our network.First we give ask to check off the safety of our equipment from tampering. We should have all switches and sensitive equipment (i. e. Servers and vane Attached Storage (NAS) Devices) in a path that is locked at all times. If available, we can use a card entr√©e system to monitor employees that tally access to this portion of our network. Wireless connections open our network to potential threats. We should do everything practicable to limit the spell of allowed radio devices on our network. I suggest that we go for a policy of a primary and collateral wireless network.This would allow us to give our employees the functions they need while maintaining a secure network. Our primary network will be secured with Wi-Fi Protected adit random variable 2 (WPA2) and the user of a complex passphrase to go along brute force attacks. This section of our network will have a limited number of users allowed, with each users activity being intimately monitored. The second wireless network will be an isolated network which will allow all approved employees and clients to take a leak outside access on their mobile devices, without conciliatory our network.Another step would be to implement security on the network side by locking down each switch port to a particular proposition mac address. This will help circumvent individual from removing the cable from a com locateer and plugging in other device. While this doesn’t completely eliminate threats of that kind, it will lessen the chance of having an unknowing user infect our network with a virus brought from another destination. LAN to WAN †The bridge between our outside network or WAN to the internal network should be monitored closely.As mentioned in the W AN section above, we should focus on restricting access to our network to help close out unwanted attacks. I suggest that we implement a hardware firewall on our network. A hardware firewall will give our network a much required layer of security against potential threats. WAN †For this firmament I suggest that we implement Virtual offstage Network (VPN) legions for any of our employees or clients that are exhausting to access our network remotely.We should also ensure that all unused ports on our network are out of use(p) which would help limit attacks on our network. We should approach it from the stead of what we need, not what we do not need and pass over our outbound firewall with all ports closed. Only open the ports that are needed to have our network function. Remote Access †The Remote Access Domain should be monitored closely with each connection and activity extensively logged. Allowing access to our network from an outside source, opens up many possible threats to our network.I suggest that we create a separate server and network for our remote access, keeping it isolated from our primary network. We could implement server and storage mirroring for both networks. This would allow employees to work on projects from a remote location, or clients see the progress of project and not put our network at attempt. Systems/Applications †Since the system/ application field of honor consists of all of a business’s mission-critical systems, applications, and data it is important to ensure that this domain is secure at all times.Failure to do so will direct in large amounts of sensitive information as well as the threat of having productions cease to function. self-appointed sensible access is gaining access to a physical entity without permission. This is potentially dangerous because if an individual were to gain much(prenominal) access they could destroy the systems and data within the systems. This threat is centered on a ccess to such places as data centers with a great deal of sensitive information. To pr accompaniment unauthorized physical access policies, standards, procedures and guidelines must be followed.For example, all guests must be escorted by an employee at all times. Staff should immediately report any suspicious activity and question persons that do not have an employee ID or badge visible. selective information loss gets when any stored data is destroyed. This is considered the greatest risk to the system/ application domain. To combat data loss, backups should occur regularly. The backups should be stored at an off- site location to allow full data recovery in the event of data loss.\r\n'