15 Jan 2018
Seven Domains of IT Infrastructure Seven domains can be found in a typical IT infrastructure. They are as follows: User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, Remote Access Domain, WAN Domain, and System/Application Domain. Each of these domains is viewed as portals for attackers if countermeasures are missing or fail. It is very imperative for businesses to protect each of these seven domains. It only takes one unprotected domain for an attacker to gain access to private data.
- User Domain.
The User Domain covers all theusers (of any rank) that haveaccess to the other six domains.
RISKS:
- User can destroydatainapplication(intentionally or not) and delete all
- User can find that his girlfriendcheated on him and use her passwordto delete all of her work so that shewould be fired.
- User can insert infected CD or USBflash drive into the work computer
- Workstation Domain.
A computer of an individual userwhere the production takesplace
RISKS:
- The workstation’s OS can have a known software vulnerability thatallows a hacker to connect remotelyand steal data.
- A workstation’s browser can have a software vulnerability which allowsunsigned scripts to silently installmalicious software.
- A workstation’s hard drive can fail causing lost data
- LAN Domain.
Contains all of theworkstations,hubs, switches, and routers. TheLAN is a trusted zone
RISKS:
- A worm can spread through the LANand infect all computers in it.
- LAN server OS can have a knownsoftware vulnerability.
- An unauthorized user can access the organization’s workstations in a LAN
- WAN Domain.
- Stands for Wide Area Networkand consists of theInternet andsemi-private lines
RISKS:
- Service provider can have a major network outage.
- Server can receive a DOS or DDOS attack.
- A FTP server can allow anonymously uploaded illegal software
- LAN / WAN Domain.
The boundary between thetrustedand un-trusted zones.The zones are filtered with afirewall
RISKS:
- A hacker can penetrate your ITinfrastructure andgain access toyour internal network.
- Weak ingress/egress traffic filteringcan degrade performance.
- A firewall with unnecessary portsopen can allow access from theInternet
- System / Application Storage Domain.
This domain is made up ofuser-accessed serverssuchas email and database
RISKS:
- A fire candestroy primary data
- A DOS attack can cripple the organization’s email
- A database server can beattacked by SQL injection,corrupting the data
- Remote Access Domain
The domain in which amobileuser can access the local networkremotely, usually through a VPN
RISKS:
- Communication circuit outage candeny connection.
- Remote communication from officecan be unsecured.
- VPN tunneling between remotecomputer and ingress/egress routercan be hacked
References
Kim, David, dan Michael G Solomon. 2012. Fundamentals of Information Systems Security. Jones & Bartlett Learning, United State of America
- asisten
- Bina Nusantara
- Binus
- binusian
- fulltime assistant
- greater nusantara
- greaternusantara
- Information System
- information system laboratory
- information technology
- islab
- IT
- Lab Sisfo
- parttime assistant
- school of information system
- SIS SIS
- Sistem Informasi
- teknik informatik
- teknologi informasi
- teknologi teknologi
- TI
Jennifer Alexandra
