1.1

Securing the seven domains of a typical IT infrastructure is the starting point for addressing cyberthreats in any company. The following elaborates on the seven domains of the infrastructure.

Contents

  1. User domain

  2. Workstation domain

  3. LAN domain

  4. LAN to WAN domain

  5. WAN domain

  6. Remote access domain

  7. System and application domain

1. User domain

  • End users that access the company's IT infrastructure, both from inside and from outside the network

  • Companies must enforce robust password policies, 2FA, access privilege management and an acceptable use policy (AUP), and conduct employee training and awareness

2. Workstation domain

  • Domain contains the devices used to access the organization's IT infrastructure

  • Workstations can be infected by viruses/malware

  • Companies should harden all devices used by employees and adopt a Defence in Depth strategy.

  • Hardening can be implemented by:

    • Applying software revisions and security patches (update software regularly)

    • Secure system configuration

    • Use of legitimate anti-malware/anti-virus software

    • An individual login ID/password for each workstation user

3. LAN domain

  • Domain includes all technologies that establish the LAN and connect it to the organization's IT infrastructure

  • Usually a prime target for cyberattacks

  • Segmentation is suggested to mitigate this, as the network is then divided between different user groups (e.g. employees vs visitors)

    • Ensures that the internal network is not infected even if an outsider is connected to the network

  • A firewall should also be deployed with egress filtering to limit users' access to the internet (allow only ports 80/443 by default; any other port should be authorized case by case)

  • Users should not be able to reach the internet on every port, to avoid being infected by malware or recruited into botnets.

  • Network security protocols that encrypt communication, and ensure data transported over the network's connections stays safe and secure, should also be implemented. (give some examples)
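As an added illustration of the segmentation and default-deny egress policy described above (example code, not part of the original notes): the address ranges, the approved-exception table with its change-ticket id, and the sample flows are all constructed assumptions. Sources with many denied connections are counted, since a workstation trying many non-web ports is a typical malware/botnet indicator.

```python
"""Egress policy check: visitors may not reach the internal network, outbound
traffic is allowed only on 80/443 unless a case-by-case exception was approved."""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")        # assumed employee segment
GUEST = ip_network("192.168.100.0/24")     # assumed visitor segment
DEFAULT_ALLOWED_PORTS = {80, 443}

# Case-by-case approvals: (source host, destination host, port) -> ticket (constructed)
EXCEPTIONS = {
    ("10.0.5.20", "203.0.113.10", 22): "CHG-1042",
}


@dataclass
class Flow:
    src: str
    dst: str
    dport: int


def decide(flow):
    """Return (verdict, reason) for one outbound connection attempt."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    if src in GUEST and dst in INTERNAL:          # segmentation rule
        return "deny", "guest->internal blocked by segmentation"
    if src in INTERNAL and dst in INTERNAL:       # not egress; left to internal ACLs
        return "allow", "internal traffic"
    if flow.dport in DEFAULT_ALLOWED_PORTS:
        return "allow", "default web egress"
    ticket = EXCEPTIONS.get((flow.src, flow.dst, flow.dport))
    if ticket:
        return "allow", f"approved exception {ticket}"
    return "deny", "default-deny egress"


def review(flows):
    """Apply the policy to every flow and count denials per source host."""
    denied = Counter()
    results = []
    for f in flows:
        verdict, reason = decide(f)
        results.append((f, verdict, reason))
        if verdict == "deny":
            denied[f.src] += 1
    return results, denied


SAMPLE_FLOWS = [                                  # constructed sample traffic
    Flow("10.0.1.5", "198.51.100.20", 443),       # normal HTTPS
    Flow("10.0.5.20", "203.0.113.10", 22),        # approved SSH exception
    Flow("192.168.100.9", "10.0.0.15", 445),      # visitor probing internal SMB
    Flow("10.0.1.7", "203.0.113.99", 6667),       # one host trying odd ports
    Flow("10.0.1.7", "203.0.113.99", 4444),
    Flow("10.0.1.7", "203.0.113.98", 8080),
]
```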

4. LAN to WAN domain

  • Domain where the IT infrastructure connects to the Internet.

  • Important security controls need to be applied here

  • All security appliances must be configured to comply with the defined policies:

    • IP routers need to be logically configured to ping, along with ACLs to filter traffic

    • Firewall to filter traffic

    • DMZ, which serves as a buffer zone between inbound and outbound traffic

    • IDS to identify attacks and malicious intent, and trigger an alarm to responders once a threat is detected

    • Proxy server, which acts as a middleman where data is analysed and screened before being relayed to its destination IP

    • Web content filtering, which filters domain names and prevents unauthorised traffic from entering the IT infrastructure

    • Email content filter, which blocks the content of all emails until they are properly screened for viruses, then allows clean emails to pass to users

5. WAN domain

  • The WAN domain is the wide area network where all external entities, including other businesses, websites and external users, exist.

  • End users communicate with the LAN using VPN, FTP or SSH

  • Setting up the LAN-to-WAN controls will mitigate risks that come from the WAN

  • Using firewalls and conducting regular penetration tests are key to ensuring that this domain remains secure

6. Remote access domain

The remote access domain is where users gain access to the IT infrastructure remotely (e.g. working from home)

  • Remote access introduces risk

  • A VPN is used to provide a secure remote access connection across the internet. This is achieved by providing an encrypted communication tunnel and authentication, ensuring the confidentiality and integrity (CI) and privacy of communications over the internet.

  • It is important to use 2FA to authenticate users before they are able to access the infrastructure

  • Procedures such as conducting regular audits, monitoring login attempts and using strict firewall ACLs
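Monitoring login attempts on a remote access gateway, as an added example that is not part of the original notes: the sshd-style log lines, the hostname vpn-gw and the addresses are constructed, and the year (absent from syslog timestamps) is assumed. It flags a source that fails repeatedly inside a short window, and a successful login from a source that had just been failing, which is the case an auditor most wants to review.

```python
"""Failed-login monitoring over constructed sshd-style gateway logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse(line, year=2024):
    """Return one auth event, or None for lines that are not login results."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"] == "Accepted", "user": m["user"], "src": m["src"]}


def detect(lines, threshold=5, window=timedelta(minutes=5)):
    """Alert on >= threshold failures per source inside the window, and on any
    success from a source that still has recent failures (possible compromise)."""
    events = sorted((e for e in map(parse, lines) if e), key=lambda e: e["ts"])
    failures = defaultdict(list)   # src -> timestamps of recent failed logins
    flagged, alerts = set(), []
    for e in events:
        src = e["src"]
        failures[src] = [t for t in failures[src] if e["ts"] - t <= window]
        if not e["ok"]:
            failures[src].append(e["ts"])
            if len(failures[src]) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute_force", src, len(failures[src])))
        elif failures[src]:
            alerts.append(("success_after_failures", src, e["user"]))
    return alerts


SAMPLE_LOG = """\
Mar 10 02:14:07 vpn-gw sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 50122 ssh2
Mar 10 02:14:09 vpn-gw sshd[1202]: Failed password for root from 198.51.100.7 port 50123 ssh2
Mar 10 02:14:12 vpn-gw sshd[1203]: Failed password for invalid user test from 198.51.100.7 port 50124 ssh2
Mar 10 02:14:15 vpn-gw sshd[1204]: Failed password for bob from 198.51.100.7 port 50125 ssh2
Mar 10 02:14:18 vpn-gw sshd[1205]: Failed password for bob from 198.51.100.7 port 50126 ssh2
Mar 10 02:14:20 vpn-gw sshd[1205]: Connection closed by 198.51.100.7 port 50126 [preauth]
Mar 10 02:16:30 vpn-gw sshd[1290]: Accepted publickey for alice from 203.0.113.5 port 41000 ssh2
Mar 10 02:18:01 vpn-gw sshd[1301]: Accepted password for bob from 198.51.100.7 port 50140 ssh2
"""
```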

7. System and application domain

  • Domain includes all systems and software applications that users access (e.g. application servers, web servers, proprietary software, database servers and applications)

  • A data loss prevention (DLP) system should be used to monitor the 5W1H (who, what, when, where, why, how) of a file.

  • Good practices

    • Regular patching to maintain systems and software

    • Install anti-malware/anti-virus software to stop infectious downloads through email or compromised websites.

    • User training and awareness so that users recognize phishing and social engineering schemes, preventing hackers from penetrating the network through them.

Apart from the above:

  • Regular risk assessments should be conducted to identify the risks and threats faced by the company

  • Security measures should also be updated and reviewed constantly to remain effective in reducing, neutralizing and eliminating the identified threats.

  • The company's employees should also receive regular awareness and training sessions on security threats, including social engineering attacks

  • Auditing and penetration testing need to be conducted regularly to identify problems proactively and address them.

Establishing an IT security program requires administrative, physical, and technical measures and controls to ensure the IT infrastructure is protected.
