
Typical IT Infrastructure

Running head: THE SEVEN DOMAINS OF A TYPICAL IT INFRASTRUCTURE

The Seven Domains of a Typical IT Infrastructure
Yolanda Miller
ISSC481: Security Planning and Policy
Professor Jackie Galvan, MSIS
March 20, 2012


TABLE OF CONTENTS
Introduction
Definition
Domain I
Domain II
Domain III
Domain IV
Domain V
Domain VI
Domain VII
Conclusion
References


Introduction

There are seven logical domains that make up a typical information technology (IT) infrastructure. Defining each domain helps us understand the path of data from its point of origin, through the network(s), to its final destination. By identifying each domain, we can recognize the challenges corporations face when dealing with the collection, storage and processing of information. With an understanding of each logical domain, business, technical and security policies can be better planned to counter the challenges that usually present themselves.

Definition

Domain I User

The User Domain refers to any user that has the ability to access information. It does not matter what type of information they are accessing; it can be in any form, from any source. If a person is accessing information, that person is considered a user. Some examples of users include employees, contractors, consultants, customers, or any other third party (Johnson, 2011). Another name for a user is an end user.

So what does the User Domain include and why is it important? For starters, the user has enough power to critically damage an organization. The User Domain applies not only to technological sources of information, but to physical and spoken information as well. As a matter of fact, control of information begins at the onset of discovery. For example, if management announces that a new policy was released, the user is now aware. This is where control of information is initiated. Along with awareness of policies, there is also on-the-job training that initiates control of information. An employee or student can be aware of a process and pass a written test on every aspect of it; however, when the situation arises and it is time to actually perform the process correctly, he may fail. Practical training can be beneficial to many users.

Before allowing a user full-blown access to company information, there are several crucial policies that should be included in the company's awareness training program, including the following:

Acceptable use policy (AUP), which defines acceptable and unacceptable conduct when accessing information.
E-mail policy, which includes rules regulating what is considered acceptable use of a company's e-mail server.
Privacy policy, which covers the protection of privacy and what information falls under this category.
System access policy, which defines rules to abide by when accessing any company system (Johnson, 2011).

When considering critical components of the User Domain, authentication and authorization should be priorities. Authentication approaches should be efficient and effective, as well as compliant with regulations. Authorization is critical, especially when attempting to control thousands of employees and/or devices.

Domain II Workstation

A great majority of organizations require the use of computing devices. Whether the device is a desktop, laptop, smartphone, or tablet, these devices make up the Workstation Domain. Going back to the previous section, which explained the User Domain: upon authentication, the user seeks access to information through the use of a workstation. Just as users in the User Domain are assigned a means of authentication, workstations are also assigned identifiers. Again, just as users are restricted in what they can access, workstations are also restricted to certain capabilities. Some workstations are allowed on a network and some are not. Workstation Domains are set up to control and restrict permissions within the actual workstation itself. For example, Sally can be assigned a laptop; however, the workstation has been configured to deny any installation of new software, configuration of existing software or downloads from the Internet. This is important in preventing malicious code and viruses from being installed.

Domain III LAN

The LAN Domain covers every piece of equipment that a LAN comprises. There are network devices that make access possible between local offices or buildings. Some common network devices include hubs, switches, routers, and firewalls. Business LANs consist of many layers of controls. They are best defined as either flat or segmented networks. Flat networks have few controls for limiting network traffic (Johnson, 2011). A segmented network actually regulates how computers can communicate. This is how it restricts network traffic and filters out unauthorized network traffic.

Domain IV WAN

When we think about the WAN Domain, the Internet comes to mind. This is the model case for many organizations. However, there is such a thing as a private WAN. Some organizations benefit from this option and are able to lease dedicated lines to create their very own private WAN. In my opinion, nothing beats the Internet! Many organizations would agree, so a virtual private network (VPN) is a good option for them. VPNs keep communications private and secure, and more organizations are taking advantage of this solution. With a VPN, an encrypted tunnel is created via the Internet and connected to each network device. This network device is known as a VPN concentrator; it manages VPN traffic and protects communication from unauthorized eavesdropping.

Domain V LAN-to-WAN

The bridge that connects a LAN to a WAN is known as the LAN-to-WAN Domain. This is necessary to connect offices internationally. Say you have an office in New York and a corporate office in Germany; you would need to connect to a WAN for communication to be possible. An example of a WAN is the Internet, which is considered an open network. For information to remain secure, a part of the LAN must be segmented into a demilitarized zone (DMZ). This makes it possible for firewalls to filter traffic between the internal network and the DMZ (Jones & Bartlett, 2012). Picture a DMZ server sitting in the middle of two layers of firewalls. However, that is not always the case; there are many different configurations, as long as traffic is limited.

Domain VI Remote Access
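Looking back at the segmented LAN of Domain III and the two-firewall DMZ of Domain V, the following is an added example, not part of the original paper, that models how such zones decide whether a new connection is allowed. The address ranges, ports and rule sets are constructed assumptions, and the model only covers new connections (reply traffic is assumed to be handled by connection tracking).

```python
import ipaddress

# Constructed address plan (an assumption, not taken from the paper).
ZONES = {
    "LAN": ipaddress.ip_network("10.0.0.0/16"),
    "DMZ": ipaddress.ip_network("192.168.50.0/24"),
}

# Allow lists of (source zone, destination zone, destination port).
# Anything not listed is dropped (default deny). Rules are constructed samples.
FIREWALLS = {
    "outer": {("WAN", "DMZ", 443), ("LAN", "WAN", 443)},
    "inner": {("DMZ", "LAN", 5432), ("LAN", "DMZ", 443), ("LAN", "WAN", 443)},
}

# Firewalls a new connection crosses, in order, for each pair of zones.
PATH = {
    ("WAN", "DMZ"): ["outer"], ("DMZ", "WAN"): ["outer"],
    ("DMZ", "LAN"): ["inner"], ("LAN", "DMZ"): ["inner"],
    ("WAN", "LAN"): ["outer", "inner"], ("LAN", "WAN"): ["inner", "outer"],
}


def zone_of(addr):
    """Return 'LAN' or 'DMZ' for internal addresses, 'WAN' for everything else."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "WAN"


def decide(src, dst, port):
    """Return (allowed, reason) for a new connection from src to dst:port."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        # Flat behaviour: hosts in one zone reach each other unfiltered.
        return True, f"same zone ({src_zone}), no firewall on the path"
    for fw in PATH[(src_zone, dst_zone)]:
        if (src_zone, dst_zone, port) not in FIREWALLS[fw]:
            return False, f"dropped by {fw} firewall"
    return True, "allowed by every firewall on the path"


if __name__ == "__main__":
    for src, dst, port in [("203.0.113.7", "192.168.50.10", 443),
                           ("203.0.113.7", "10.0.4.20", 443),
                           ("192.168.50.10", "10.0.4.20", 5432),
                           ("10.0.4.20", "10.0.9.9", 445)]:
        print(src, "->", f"{dst}:{port}", decide(src, dst, port))
```

The last sample connection shows the flat-network case: two hosts in the same zone never cross a firewall, so only further segmentation inside the LAN would filter that traffic.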

Domain VII System/Application

Conclusion


References

Considerations in Planning a Network Infrastructure. (n.d.). Retrieved on 20 March 2012 from http://www.tech-faq.com/considerations-in-planning-a-network-infrastructure.html

IBM Corporation. (2007). IT Optimization to Meet Business Goals. Somers, NY: IBM Global Services. Retrieved on 20 March 2012 from www.ibm.com/services

Johnson, Rob. (2011). Security Policies and Implementation Issues. Sudbury, MA: Jones & Bartlett Learning.

Jones and Bartlett Learning, LLC. (2012). Fundamentals of Information Systems Security. Retrieved on 20 March 2012 from www.jblearning.com
