The seven domains of a typical IT infrastructure

drug social occasionr The User Domain is the critical bottombone of our engagement and we must pay close attention to user activity and shape user behavior on our network. I list this as a lavishly priority due to the fact that it is the one that will most likely sensory(a) up threats on our network from file downloading and surfing the web. My proposal for a solution for this would be to restrict web shop to only required users. This will impart us to stress our concentration on those users, monitoring for voltage network vulnerabilities.I also purport we machine a basic training course on the decent use of handsome data and best common computer practices. Workstation The Workstation Domain is where we can focus our heftiness on maintaining a clean network. We should do nightly anti-virus scans which will report any found issues back to the IT Department. This will then allow the IT Department to track down the user responsible for infecting the network and allow us to pursue corrective action. LAN For the wired portion of our network, I propose a some solutions that will help hard our network.First we will need to find the safety of our equipment from tampering. We should have all switches and sensitive equipment (i. e. Servers and Network Attached Storage (NAS) Devices) in a room that is locked at all times. If available, we can use a card access system to monitor employees that gain access to this portion of our network. Wireless connections unresolved our network to potential threats. We should do everything possible to limit the number of allowed wireless devices on our network. I suggest that we enforce a policy of a primary and scrapary wireless network.This would allow us to strain our employees the functions they need while maintaining a secure network. Our primary network will be secured with Wi-Fi Protected gateway version 2 (WPA2) and the user of a complex passphrase to prevent brute force attacks. This section of our net work will have a limited number of users allowed, with each users activity being closely monitored. The second wireless network will be an separated network which will allow all canonic employees and clients to gain alfresco access on their mobile devices, without compromising our network.Another step would be to implement tribute on the network side by locking down each switch port to a specific mac address. This will help circumvent someone from removing the cable from a computer and plugging in another device. While this doesnt completely eliminate threats of that kind, it will lessen the chance of having an unknowing user infect our network with a virus brought from another destination. LAN to WAN The bridge between our outside network or WAN to the internal network should be monitored closely.As mentioned in the WAN section above, we should focus on restricting access to our network to help prevent unwanted attacks. I suggest that we implement a hardware firewall on our ne twork. A hardware firewall will give our network a much(prenominal) needed layer of security against potential threats. WAN For this domain I suggest that we implement practical(prenominal) Private Network (VPN) servers for any of our employees or clients that are trying to access our network removedly.We should also ensure that all unused ports on our network are blocked which would help limit attacks on our network. We should snuggle it from the stance of what we need, not what we do not need and start our outbound firewall with all ports closed. Only open the ports that are needed to have our network function. Remote Access The Remote Access Domain should be monitored closely with each connection and activity extensively logged. Allowing access to our network from an outside source, opens up some possible threats to our network.I suggest that we create a separate server and network for our remote access, keeping it isolated from our primary network. We could implement serv er and storage mirroring for both networks. This would allow employees to work on projects from a remote position, or clients see the progress of project and not put our network at risk. Systems/Applications Since the system/ industriousness domain consists of all of a businesss mission-critical systems, applications, and data it is important to ensure that this domain is secure at all times.Failure to do so will result in large amounts of sensitive teaching as well as the threat of having productions cease to function. Unauthorized physical access is gaining access to a physical entity without permission. This is potentially dangerous because if an individual were to gain such access they could destroy the systems and data deep down the systems. This threat is centered on access to such places as data centers with a great mess hall of sensitive information. To prevent unauthorized physical access policies, standards, procedures and guidelines must be followed.For example, all guests must be escorted by an employee at all times. Staff should immediately report any suspicious activity and question persons that do not have an employee ID or badge visible. Data loss occurs when any stored data is destroyed. This is considered the greatest risk to the system/ application domain. To combat data loss, backups should occur regularly. The backups should be stored at an off- site location to allow full data recovery in the event of data loss.