The seven domains of a typical IT infrastructure

User The User Domain is the particular fundamentb ace of our lucre and we moldiness pay close attention to substance abuser activity and shape user behavior on our meshwork. I lean this as a high priority due to the fact that it is the one that intromit for most likely open up threats on our network from file complicateloading and surfing the web. My proposal for a solution for this would be to characterise web browsing to only required users. This go out aloneow us to focus our concentration on those users, monitoring for potential network vulnerabilities.I similarly bespeak we practice a basic training course on the proper use of sensitive data and best common data processor practices. Workstation The Workstation Domain is where we can focus our energy on maintaining a snowy network. We should do nightly anti-computer virus scans which forget report whatsoever found issues back to the IT Department. This go away then suspend the IT Department to track down th e user responsible for infecting the network and allow us to pursue corrective action. local argona network For the wired portion of our network, I propose a few solutions that will armed service secure our network.First we will need to go through the safety of our equipment from tampering. We should beget all switches and sensitive equipment (i. e. Servers and Network Attached Storage (NAS) Devices) in a room that is locked at all times. If available, we can use a invoice access code system to monitor employees that authorize access to this portion of our network. piano tuner connections open our network to potential threats. We should do everything possible to limit the bend of allowed wireless devices on our network. I suggest that we enforce a insurance policy of a primary and secondary wireless network.This would allow us to do our employees the functions they need while maintaining a secure network. Our primary network will be secured with Wi-Fi Protected plan of a ttack version 2 (WPA2) and the user of a complex passphrase to prevent brute force attacks. This section of our network will have a limited number of users allowed, with each users activity cosmos closely monitored. The second wireless network will be an detached network which will allow all approved employees and clients to gain extracurricular access on their mobile devices, without compromising our network.A nonher step would be to implement security on the network side by locking down each switch port to a specific mac address. This will attend to circumvent someone from removing the cable from a computer and plugging in another device. While this doesnt completely eliminate threats of that kind, it will diminish the chance of having an unknowing user infect our network with a virus brought from another destination. LAN to disgusted The bridge between our outside network or WAN to the internal network should be monitored closely.As mentioned in the WAN section above, we s hould focus on restricting access to our network to help prevent unwanted attacks. I suggest that we implement a computer hardware firewall on our network. A hardware firewall will give our network a much needed layer of security against potential threats. WAN For this field of study I suggest that we implement Virtual Private Network (VPN) servers for any of our employees or clients that are trying to access our network remotely.We should also ensure that all unused ports on our network are blocked which would help limit attacks on our network. We should approach it from the stance of what we need, not what we do not need and start our outbound firewall with all ports closed. Only open the ports that are needed to have our network function. Remote Access The Remote Access Domain should be monitored closely with each connection and activity extensively logged. Allowing access to our network from an outside source, opens up many possible threats to our network.I suggest that we cr eate a separate server and network for our remote access, retentiveness it isolated from our primary network. We could implement server and storage mirroring for both networks. This would allow employees to work on projects from a remote location, or clients see the come along of project and not put our network at risk. Systems/Applications Since the system/ natural covering domain consists of all of a businesss mission-critical systems, applications, and data it is grand to ensure that this domain is secure at all times.Failure to do so will result in large amounts of sensitive information as well as the threat of having productions cease to function. Unauthorized physical access is gaining access to a physical entity without permission. This is potentially dangerous because if an individual were to gain such access they could destroy the systems and data within the systems. This threat is refer on access to such places as data centers with a enormous deal of sensitive infor mation. To prevent unauthorized physical access policies, standards, procedures and guidelines must be followed.For example, all guests must be escorted by an employee at all times. Staff should immediately report any suspicious activity and wonder persons that do not have an employee ID or badge visible. Data discharge occurs when any stored data is destroyed. This is considered the greatest risk to the system/ application domain. To armed combat data loss, backups should occur regularly. The backups should be stored at an off- site location to allow full data recovery in the event of data loss.