...LAB 1 PART - A RISK – THREAT - VULNERABILITY | PRIMARY DOMAIN IMPACTED | Unauthorized access from public Internet | LAN –WAN | User destroys data in application and deletes all files | USER | Hacker penetrates your IT infrastructure and gains access to you internal network | SYSTEM APPLICATION | Intra-office employee romance gone bad | USER | Fire destroys primary data center | LAN | Communication circuits outages | WAN | Workstation OS has a known software vulnerability | LAN – WAN | Unauthorized access to organization owned | USER | Workstations | USER | Loss of production data | SYSTEM APPLICATION | Denial of Service attack on organization e-mail Server | LAN – WAN | Remote communications from home office | REMOTE ACCESS | LAN server OS has a known software vulnerability | LAN | User downloads an unknown e-mail attachment | USER | Workstation browser has software vulnerability | WORKSTATION | Service provider has a major network outage | WAN | Weak ingress/ egress traffic filtering degrades Performance | LAN – WAN | User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers | USER | VPN tunneling between remote computer and ingress/egress router | REMOTE ACCESS | WLAN access points are needed for LAN connectivity within a warehouse | LAN – WAN | Need to prevent rogue users from unauthorized WLAN access | WAN | LAB ASSESSMENT QUESTIONS 1. Unauthorized access to organization...
Words: 307 - Pages: 2
...first column of the table below, explore answers to the following questions: ▪ Where does the countermeasure belong in the seven domains of a typical IT infrastructure? ▪ What CIA functions does the countermeasure provide? Provide your answers in the table below. |Network Security Applications and Countermeasures |Domains |CIA Function | |Ethical hacker |User |Integrity | |Intrusion detection system/intrusion prevention system |LAN-to-WAN |Integrity | |(IDS/IPS) |Workstation | | |Access controls |Workstation |Confidentiality and integrity | | |LAN | | | |LAN-to-WAN | | | |WAN | | | ...
Words: 278 - Pages: 2
...Review the seven domains of a typical IT infrastructure In your Lab Report file, describe how risk can impact each of the seven domains of a Typical _IT infrastructure: User, Workstation, Local Area Network (LAN), Local Area Network-to-Wide Area Network (LAN-to-WAN), Wide Area Network (WAN), Remote Access and System/Application domains. The answer is the seven domains of an IT infrastructure are classified below, and their risk factors. A. User Domain: Any user, worker, employee, contractor, or individual. They are considered to be the weakest link in IT security and the risk. B. Workstation Domain: The work station, client or standalone home system. The risk is Hackers use malicious software known as malware. C. LAN Domain: The private LAN, from SOHO’s to large corporations. To protect this domain it must be inside of a firewall if it does not have a firewall it is vulnerable and a risk. D. LAN to WAN Domain: Wan connections between LAN locations, like which are controlled by the third party entities. Here where LAN is in a trusted zone and the WAN is in an untrusted zone, so the LAN to WAN can be protected by firewalls. E. Remote Access Domain: It connects remote users to the organization’s infrastructure. It can be used by VPN and Dialup connections. This can provide access to a private network on a public network, this is where it is untrusted and attackers can attack and can be a major risk. F. WAN Domain: WAN domains are networks, such as ATM’s, frame relays...
Words: 558 - Pages: 3
...Course Name and Number: Risk Management IS355 Student Name: Sherry Best Instructor Name: Nicole Goodyear Lab Due Date: 1/16/2018 In your Lab Report file, describe how risk can impact each of the seven domains of a typical IT infrastructure: User, Workstation, Local Area Network (LAN), Local Area Network to Wide Area Network (LAN-to-WAN), Wide Area Network (WAN), Remote Access, and System/Application domains. Risk is the likelihood that a loss will occur. A loss results in a compromise to business functions or assets. • User Domain can come in various forms; people are the weak link here such as a user writing a password on a sticky note and sticking under the keyboard or on the monitor. Unknown to the user a malicious individual can log unto the network or domain using that person's credential to steal or launch a DoS or a DDoS attack. This can overwhelm the entire network that can lead to loss of revenue for the organization....
Words: 695 - Pages: 3
...countermeasure belong in the seven domains of a typical IT infrastructure? * What CIA functions does the countermeasure provide? Provide your answers in the table below. Network Security Applications and Countermeasures | Domains | CIA Function | Ethical hacker | * Workstation domain | Availability | Intrusion detection system/intrusion prevention system (IDS/IPS) | * System/Application domain * Remote access domain * LAN-to-WAN domain | Integrity | Access controls | * LAN-to-WAN domain * WAN domain | Confidentiality | Failover server | * WAN domain * LAN-to-WAN domain | Availability | Automatic updates | * Workstation domain | Availability | Cryptography | * LAN-to-WAN domain | Confidentiality | Data backups | * System/Application domain | Availability | Logon rights | * LAN domain | Integrity | Computer cluster | * Workstation domain | Integrity | Firewalls | * LAN domain | Confidentiality | Proxies | * LAN-to-WAN domain | IntegrityConfidentiality | Antivirus scanners | * Workstation domain | Confidentiality | As a reminder, the seven domains of a typical IT infrastructure include the following domains: * User domain: Actual users * Workstation domain: Workstations, laptops, and end-point devices, such as smart phones and printers * LAN domain: Physical and logical LAN technologies—100 Mbps/1000 Mbps switched Ethernet, 802.11-family of wireless LAN technologies—used to support...
Words: 296 - Pages: 2
...Jayveu Diaz Instructions: Given the network security applications and countermeasures in the first column of the table below, explore answers to the following questions: ▪ Where does the countermeasure belong in the seven domains of a typical IT infrastructure? ▪ What CIA functions does the countermeasure provide? Provide your answers in the table below. |Network Security Applications and Countermeasures |Domains |CIA Function | |Ethical hacker | | | | |User |Integrity | |Intrusion detection system/intrusion prevention system (IDS/IPS) | | | | | | | | |LAN-to-WAN | | | |Workstation |Integrity | |Access controls | ...
Words: 317 - Pages: 2
...1. Identify threats to the seven domains of IT within the organization. User Domain: Employee lack of education. A social engineer can trick an employee into giving up there credentials. Users can visit risky web sites and download and execute infected software. Workstation Domain: Susceptible to malicious software. The anti-virus software is installed and up to date. Computers that aren’t patched can be exploited. LAN Domain: Any data on the network that is not secured with appropriate access controls is vulnerable. Weak passwords can be cracked. Permissions that aren’t assigned properly allow unauthorized access. LAN to WAN Domain: Users can visit risky web sites and download and execute infected software. Firewalls with unnecessary ports open allow access to the internal network from the internet. WAN Domain: Any public facing server is susceptible to DoS and DDoS attacks. A FTP server that allows anonymous uploads can host worms from hackers. Remote Access Domain: An attacker can access unprotected connections allowing the attacker to capture and read the data. System/Application Domain: Threats would be not changing default passwords, unneeded services and protocols. 2. Identify the vulnerability’s in the seven domains. User Domain: User’s going to unrestricted websites and executing infected software. Workstation Domain: If computers anti- virus software is not up to date then it is exploited. LAN Domain: A user that doesn’t change their password on...
Words: 553 - Pages: 3
...| LAB 4 * A. Healthcare provider under HIPPA compliance law * Risk-Threat-Vulnerability | Primary Domain Impacted | Risk Impact/Factor | Unauthorized access from public Internet | LAN-WAN | Major | User destroys data in application and deletes all files | USER | Minor | Hacker penetrates your IT infrastructure and gains access to you internal network | SYSTEM APPLICATION | Critical | Intra-office employee romance gone bad | USER | Minor | Fire destroys primary data center | LAN | Major | Service provider SLA is not achieved | WAN | Major | Workstation OS has a known software vulnerability | LAN-WAN | Major | Unauthorized access to organization owned workstations | USER | Major | Loss of production data | SYSTEM APPLICATION | Minor | Denial of Service attack on organization DMZ and e-mail server | LAN-WAN | Critical | Remote communications from home office | REMOTE ACCESS | Minor | LAN server OS has a known software vulnerability | LAN | Major | User downloads an unknown e-mail attachment | USER | Minor | Workstation browser has software vulnerability | WORKSTATION | Major | Mobile employee needs secure browser access to sales order entry system | REMOTE ACCESS | Minor | Service provider has a major network outage | WAN | Critical | Weak ingress/ egress traffic filtering degrades Performance | LAN-WAN | Major | User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers |...
Words: 296 - Pages: 2
...threats that may bypass one level are dealt with at another. In addition, layering security helps mitigate the risk of an employee who disables protection on his or her desktop. The gateway serves as an entry and exit point to the company network. By installing a security solution such as antivirus and content filtering at this tier, mass-mailer worms are scanned and deleted and spam is moved to quarantines. Mail servers should also be equipped with security. These systems receive, send, and store email, and an email security solution work together with the email program to provide a greater degree of protection against malicious code. The User Domain defines the people who access an organization’s information system. Users can access systems, applications, and data depending upon their defined access rights. In this domain is where you will find an acceptable use policy (AUP), which defines what users are allowed to do with organization-owned IT assets. It’s like a rule book that employees must follow....
Words: 1445 - Pages: 6
...Security Domains & Strategies Here a Richman Investments there are several elements that are involved in our multi-layered security plan. I'm a little new at this so bear with me. I know that there seven domains of a typical IT infrastructure. I will discuss a few general security problems and solutions to those problems. I know that the user domain is by far the weakest link. User's are responsible for their use of IT assets. A good way to avoid this is to give users proper security awareness training and enforce strict policy violations. Another domain is the workstation domain. The desktop support group is responsible for the workstation domain. Ways to improve things would be to enable password protection on workstation for access and using good antivirus and malicious code policies. Up next is the LAN domain. The LAN support group is in charge of the LAN domain. This could be improved by making sure that the wiring closets, data centers, and computer rooms are locked and secure. You would have to keep in mind of your LAN-to-WAN domain. The network security group is solely responsible for the LAN-to-WAN domain. Ways to fix this would include applying strict security monitoring controls for intrusion detection and prevention and also disabling pinging, probing, and port scanning on all exterior IP devices within the LAN-to-WAN domain. Now let's talk about the WAN domain. the network engineer or WAN group is responsible for the WAN domain. Ways we could...
Words: 399 - Pages: 2
...been tasked with creating a general solutions outline for safety and data information that belongs to the organization. The following outline will discuss security solutions for each of the seven domains of the IT infrastructure. User Domain The User Domain is the weakest. The most common vulnerability is the lack of user awareness and user apathy toward security policies. This risk is avoided by conducting security awareness training and consistent reminders of the security policies via emails or banner greetings. Conducting annual training and updating the staff manual will go a long way to help avoid this risk. User media, as well as, personal USB’S are another security risk to the User Domain. This risk is protected by disabling the internal CD drives and USB ports, and enabling automatic antivirus scans for inserted media drives, files, and email attachments. Content filtering network devices are configured to permit or deny specific domain names in accordance with AUP definition. The last way to protect the User Domain will be to restrict access to only those systems, applications, and data needed to perform the employee’s particular job requirement, this will help protect user destruction of systems. Workstation Domain The Workstation Domain consists of desktops, laptops, and or personal data assistants (smartphones). The following will list some of the most common threats followed by the security solution: Unauthorized access to workstation-...
Words: 992 - Pages: 4
...Identified at least three IT infrastructure domains affected by "Internal Use Only" data classification standard. THE SEVEN DOMAINS OF A TYPICAL IT INFRASTRUCTURE 1. User Domain defines the people who access an organization’s information system. 2. Work Station Domain is where most users connect to the IT infrastructure. It can be a desktop computer, or any device that connects to your network. 3. Local Area Network (LAN) DOMAIN is a collection of computers connected to one another or to a common connection medium. Network connection mediums can include wires, fiber optic cables, or radio waves. 4. LAN-TO-WAN DOMAIN is where the IT infrastructure links to a wide area network and the Internet. 5. Wide Area Network (WAN) DOMAIN connects remote locations. WAN services can include dedicated Internet access and managed services for customer’s routers and firewalls. Networks, routers, and equipment require continuous monitoring and management to keep WAN service available. 6. REMOTE ACCESS DOMAIN connect remote users to the organization’s IT infrastructure. The scope of this domain is limited to remote access via the Internet and IP communications. 7. System/Applications Domain an application domain is the CLR equivalent of an operation system’s process. An application domain is used to isolate applications from one another. This is the same way an operating system process works. The separation is required so that applications do not affect one another. This separation...
Words: 652 - Pages: 3
...Brian Gobrecht IT255 Project Part 1 The domains of an infrastructure are broken down into several parts. The User, Workstation, LAN, LAN-to-Wan, Remote Access, Wan, and System/Application domains. All of these are a very crucial part of a domain structure and if one fails to do its proper job most of it or all of it will come to a screeching halt. The User Domain is pretty self-explanatory yes a system can do without a user but by itself it’s more probable to breakdowns and other things to go wrong. So to help the user out in a way it’s not damaging to the infrastructure. One way is to have the computer scan for viruses in anything that plugs into the usb slot such as a portable hard drive or a memory card. As for unauthorized downloads such as music or photos I suggest enable content filtering. Workstation domains are another vital part of keeping the system healthy at most times. To protect this I suggest either at the door of the server room keycards to get in and at the workstation itself both a physical and pass worded approach to ensure the right person is getting in. And to add further measure of security the room would be camera surveyed and users will be logged. A LAN domain can be a very volatile domain with all the wiring and NIC cards and LAN switches common in most rooms. If we are to hopefully secure this part of the domain I would like to be able to restrict access to the computers and laptops that are only necessary to the work environment. So if someone...
Words: 474 - Pages: 2
...Project 1 9/19/2011 ISS Project 1 1. User domain: * Made up of typical IT users and the hardware, software, and data they use. The user domain is the weakest link in an IT infrastructure. Conduct annual security awareness training, implement acceptable use policy, update staff manual and handbook, discuss during performance reviews. 2. Workstation domain: * Roles, tasks, responsibilities and accountability come into play in the workstation domain. Enabling password protection on workstation for access. Enable auto screen lockout for inactive times. 3. LAN domain: * Small network organized by function or department, allowing access to all resources on the LANs. Using NIC cards, Ethernet LAN, LAN switch, UTP cabling are just some ways in connecting to a network. Implementing LAN server and configuration standards procedures and guideline can help a lot in security. 4. LAN-to-WAN domain: * The point at which the IT infrastructure joins a WAN and the Internet.LAN to WAN use different protocols for data transfer. Some are HTTP, FTP, TFTP, Telnet and SSH. A complete list of well know ports numbers from 0 to 1023 is maintained by IANA. Applying file transfer monitoring, scanning and alarming for unknown file types from unknown sources would be a form of security. 5. WAN domain: * The point at which the WAN connects to other WANs via the Internet. What goes on with the WAN domain goes through IP firewalls, IP routers, VPNs, MPLS and...
Words: 366 - Pages: 2
...Cincinnati, OH User Domain * Have employees sign confidential agreement * Introduce an AUP acceptable use policy * Have HR verify an employee’s identity with background checks * Conduct security awareness training * Enable content filtering and antivirus scanning * Restrict access to only info needed to perform job * Track and monitor abnormal behavior of employees Workstation Domain * Implement workstation log on ids and password * HR must define proper access controls for workers based on jobs * IT security must then assign access rights to systems, apps, and data * IT director must ensure workstation conforms to policy * Implement second level test to verify a user’s right to gain access * Start periodic workstation domain vulnerability tests to find gaps * Define workstation application software vulnerability window policy * Use content filtering and antivirus scanning at internet entry and exit * Mandate annual security awareness training LAN Domain * Setup of user LAN accounts with logon ID and password access controls * Make sure wiring closets, data centers , and computer rooms are secure * Define strict access control policies * Implement second level identity check * Define a strict software vulnerability window policy * Use WLAN network keys that require a password for wireless access * Implement encryption between workstation and WAP LAN to WAN Domain * IP routers and...
Words: 1912 - Pages: 8
