Any enterprise network has a perimeter, made up of all the equipment and circuits that connect it to external networks, both public and private. The internal network consists of all the servers, applications, data, and devices used for company operations. The demilitarized zone (DMZ) sits between the internal network and the perimeter and consists of firewalls and public servers. It allows external users some access to those public servers and denies traffic that would otherwise reach internal servers. That doesn't mean that all external users are denied access to internal networks. On the contrary, a proper security strategy specifies who can access what and from where.
For instance, telecommuters will use VPN concentrators at the perimeter to access Windows and UNIX servers. Business partners could use an Extranet VPN connection for access to the company S/390 Mainframe. Define what security is required at every server to protect company applications and files.
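The "who can access what and from where" strategy above, modelled as a zone-based, first-match access policy with a default deny. This is an added example, not code from the original article; the zone names, address ranges and ports are constructed assumptions.

```python
"""Zone-based access policy for the perimeter / DMZ / internal split (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan: which zone an address belongs to. Anything else is "external".
ZONES = {
    "internal": ip_network("10.0.0.0/8"),
    "dmz": ip_network("192.0.2.0/24"),
    "vpn": ip_network("172.16.0.0/12"),      # pool handed out by the VPN concentrator
    "partner": ip_network("198.51.100.0/24"),  # business-partner Extranet VPN side
}

def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    ports: frozenset   # permitted destination TCP ports; empty means any port
    action: str        # "allow" or "deny"

# First-match rule set. Explicit denies document intent; unmatched traffic hits the default deny.
POLICY = [
    Rule("external", "dmz", frozenset({80, 443}), "allow"),   # public servers in the DMZ
    Rule("external", "internal", frozenset(), "deny"),        # outside never reaches inside directly
    Rule("vpn", "internal", frozenset({445, 22}), "allow"),   # telecommuters to Windows/UNIX servers
    Rule("partner", "internal", frozenset({23}), "allow"),    # partners to the mainframe (TN3270, assumed)
    Rule("dmz", "internal", frozenset(), "deny"),             # a compromised DMZ host cannot pivot inward
    Rule("internal", "dmz", frozenset(), "allow"),
]

def evaluate(src: str, dst: str, dport: int) -> str:
    """Return the action for one flow: first matching rule wins, otherwise default deny."""
    s, d = zone_of(src), zone_of(dst)
    for rule in POLICY:
        if rule.src_zone == s and rule.dst_zone == d and (not rule.ports or dport in rule.ports):
            return rule.action
    return "deny"

def audit(policy) -> list:
    """Flag rules that contradict the DMZ principle: outside or DMZ sources must not be allowed inward."""
    return [r for r in policy
            if r.action == "allow" and r.dst_zone == "internal" and r.src_zone in ("external", "dmz")]
```

Running `audit` against a candidate rule set before deployment catches the common mistake of opening an external-to-internal path "temporarily" and forgetting it.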
Identify the transaction protocols required to secure data as it travels across secure and non-secure network segments. Monitoring activities should then be defined that examine packets in real time as a defensive and proactive strategy for protecting against internal and external attacks. A recent survey revealed that internal attacks from disgruntled employees and consultants are more prevalent than hacker attacks. Virus detection should then be addressed, since a permitted session could still be carrying a virus at the application layer, in an e-mail or a file transfer.
Security Policy Document
The security policy document describes the policies that apply to all employees who use the enterprise network. It specifies what an employee is permitted to do and with which resources. The policy also covers non-employees, such as consultants, business partners, clients and terminated employees. In addition, security policies are defined for Internet e-mail and virus detection. It defines what cyclical process, if any, is used for examining and improving security.
Perimeter security is the first line of defense that external users must deal with before authenticating to the network. It is security for traffic whose source or destination is an external network. Many components are used to secure the perimeter of a network, and the assessment reviews all perimeter devices currently in use. Typical perimeter devices are firewalls, external routers, TACACS servers, RADIUS servers, dial servers, VPN concentrators and modems.
Once users are authenticated to a Windows ADS domain with a specific user account, they have the privileges that have been granted to that account. Such privileges include access to specific directories on one or many servers, starting applications, and administering some or all of the Windows servers. When a user authenticates to Windows Active Directory Services, the logon is to the domain rather than to any specific server. There are tremendous management and availability advantages to that, since all accounts are managed centrally and copies of the security database are maintained on various servers across the network. UNIX and Mainframe hosts will usually require logon to a specific system; however, the network rights could be distributed to many hosts.