|
Lesson 2
Planning a Security Framework
8-15
Designing a Security Infrastructure
The initial design phase of a security infrastructure should run
concurrently with the
network design. Security issues can have a major effect on many elements of
your net-
work design, including the hardware components you purchase, the locations
you
select for the hardware, and how you configure individual devices. The
design phase
begins with identifying the resources that need protection and evaluating
the threats to
those resources.
Even the smallest organization has information it should protect, such as
financial data
and customer lists. Other valuable commodities might include order entry
data,
research and development information, and confidential correspondence. In
more
extreme cases, your organization might possess secret government or military
informa-
tion. The threats to your data can range from the casual to the felonious.
In many cases,
a modicum of security can protect your confidential data from curious
employees and
casual Internet predators. However, targeted threats, such as those mounted
by busi-
ness competitors and even rival governments, require more serious security
measures.
Tip
In addition to deliberate attempts to penetrate security, your confidential
data is in dan-
ger from accidents, thefts of equipment, and natural disasters. When
planning the protection
of your data, don’t forget to include fault tolerance solutions that can
prevent data loss due to
drive failures, fires, and other accidents.
After your team has identified the resources that need protection and has
determined
how severe the threats are, you can plan how to secure them. This is where
the tech-
nically oriented members of the team come into play, because they are
familiar with
the security measures that are available and what is involved in deploying
them.
Depending on the requirements of the organization, the security plan might
consist of
merely taking advantage of the features already included in the network’s
operating
systems and other hardware and software components or you might have to
purchase
additional security products, such as firewalls, smart card readers, or
biometric devices.
A typical security plan for a network includes implementations of the
following secu-
rity principles:
■
Access control The granting of specific levels of access based on a user’s
iden-
tity. Access control capabilities are built into most network operating
systems and
applications.
■
Auditing A process by which administrators monitor system and network activ-
ities over extended periods. Most network operating systems and applications
include some form of auditing that administrators can configure to their
needs.
|
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)