NT2580 Unit 1

Three IT infrastructure domains that would be mostly affected by the “Internal Use Only” data classification standard would be the User Domain, the Workstation Domain, and the LAN domain. The first domain that would be affected is the User Domain. The User Domain defines the people who access an organization’s information system. One of the roles and tasks is that the user can access systems, applications, and data depending upon their defined access rights. Inside the User domain is where the user would find the acceptable user policy or AUP. The AUP defines what users are allowed to do within the organization-owned IT assets. The User Domain is considered the weakest and most affected domain. One reason why is that it has a lack of user awareness. Another reason is that when users are downloading various content and different files, they generally do not conform to the established security guidelines. To protect from these issues, there should be enabled content filtering as well as automatic antivirus scans. A way to protect from an user doing Employee blackmail or extortion is to enable intrusion detection system/intrusion prevention system (IDS/IPS) monitoring. The monitoring will examine the IP data streams for inbound and outbound traffic. A second domain that is affected is the Workstation Domain. The Workstation Domain is where most users connect to the IT infrastructure. A workstation can be a desktop computer, laptop or any device that connects to the network. A role of the workstation domain is that the organization’s staff should have the access necessary to be productive. Some tasks included are configuring hardware, hardening systems, and verifying antivirus files. Threats that are included in the Workstation Domain include Unauthorized access to the workstation, Desktop/laptop computer operating system software vulnerabilities, viruses, and downloading content like photos/music via the Internet. To protect from unauthorized access, enable password protection on all the workstations. Also enable auto screen lockout when there is a long inactive time. A way to protect from operating system software vulnerabilities is to periodically do Workstation Domain vulnerability tests in order to find windows. A vulnerability window is a gap in time that you leave the computer unlatched with security updates. With issues concerning viruses, enable an automated antivirus protection solution that will scan and update individual workstations with proper protection. Protecting from users downloading content like photos or music, enable auto-scans for all new files and automatic file quarantine for all unknown file types. A third domain that would be affected from “Internal Use Only” is the LAN Domain. The LAN Domain includes both the physical network components as well as the logical configuration of services for users. Some risks that occur in the domain include Unauthorized access, LAN server software vulnerabilities, and data transmissions being compromised. A way to protect from unauthorized access is to make sure wiring closets, data centers, and computer rooms are secured. Make sure that anyone without the proper ID is not allowed in. To protect from server software vulnerabilities is to conduct periodic vulnerability assessments to find software gaps. A vulnerability assessment is a software review that identifies bugs or errors in the software. The bugs or errors will go away when the software patches and fixes are uploaded. A way to protect from data transmission being compromised is to implement encryption between the workstation and WAP to maintain confidentiality.
Source:
Kim, David. Fundamentals of Information Systems Security. Burlingtion, MA: Jones & Barlett Learning, 2012.