It infrastructure security best practices

Best Practices For IT Infrastructure Security Policies Discussion Post

Discuss at least four (4) best practices for IT infrastructure security policies in domains other than the User Domain. Pick one domain outside the user-domain to focus on.

Address the following topics using your own words:

1. IT framework selection

2. When to modify existing policies that belong to other organizations versus creating your own policies from scratch

3. Policy flexibility

4. Cohesiveness

5. Coherency

6. Ownership

Explain your answers. If using content from internet please Cite them in APA format.

Sample Discussion 1

Security is one of the most important functions an organization must incorporate. Regardless of how organizations are assuming all security measures are in place, many times this isn’t enough. Ensuring this is a priority not only protects the company from hacks but also prevent fines and worst-case scenario, loss of trust which will cripple the organization income.

First, the LAN domain is where all the hubs, switches, routers, and workstations reside. This domain is also a trusted zone. Some of the risks involved in this domain includes worm that can infect all systems connected and unauthorized user access into the workstation.

Second, WAM domain which is a Wide Area Network. As the name implies, this domain covers a large geographic area. Some of the risks involved in this domain includes, network outages and the possibility of a DOS or DDOS attack to the server.

Third, the system/application storage domain. A user accessed server. Used for email and database. A very secure domain to ensure businesses doesn’t lose sensitive data and the threat of losing productivity. Some of the risks includes, DOS attack and SQL injections which can result in data corruption.

Lastly, remote access domain. Allows users to access the local network remotely from anywhere regardless of the what internet connection they may be connected to. This has to be protected with a VPN of course. Some of the risks include slow and poor connection, risk of hack due to remote connection from outside the network can be unsecure.

We are going to focus on the system/application storage domain. This is a very important domain as addressed above. This is because this domain must be protected at all times to minimize the risk of losing confidential and sensitive data. But despite the protection this domain is provided, some of the more common threats related to this domain is the operating system such as the desktop and server, email application, etc. Looking at software vulnerability, this is an easy way to exploit this domain. This is due to software having vulnerabilities and it is impossible to write perfect code that is free of any vulnerabilities. The vulnerabilities are then easily exploited by malware which is usually accidently installed by the user. What these vulnerabilities can be damaging to a corporation, they can be used to steal information or remain for a long ride to monitor or be used as keyloggers. Protecting from these attacks is not easy but ensuring all system updates are installed will help with the mitigation of the risks. Companies are always releasing updates to help correct vulnerabilities shortly after discovery. Another best practice is monitoring the systems for any suspicious software or behavior to help detect malware early.

Policy flexibility is essential to a company as it helps to keep the organization ready and mobile for any changes that will need to be made when new technology and business needs evolve. Because the policy is flexible, policies can continue to grow instead of having create new ones without a starting point which in turn saves a significant amount of time. This is an organization that is not looking to remain constant but instead change with time.

Cohesiveness is another well best practice that is essential to any corporation. A critical measure in security is ensuring that all are on the same page. This means working together collectively and making decisions as a team. Allowing other members to take part of the decision regarding policy helps all members to be aware of the business process.

Coherency, teamwork between employees to be able to have a policy to ensure work is performed and business is well structured. This will help decide on a common policy amongst all members of a team.

Ownership is an individual responsible such a senior management to look at changes that are presented by the team. According to the Cyber Security Ownership and Responsibility, the ownership of the strategy and agenda assists in coordinating inputs and advice and approve changes. Decision amongst the group is essential where a high-level management will make the final decision.

Creating your own policy from scratch and modifying existing policies will depend entirely on the business objectives. The policy will help provide support to an organization on how to carry out work properly. Building a policy from scratch is a waste of time so recommending modifying is the best approach. Ensuring the policy created from the beginning is dynamically capable of evolving as the company evolves is critical in this policy.

Finally, the IT framework selection, the three mentioned above. This was saved for last due to how important the framework selection is. In order for any of the top three to be successfully, a proper IT framework must be selected. What framework selection is made can entirely depend on the on the organization and its needs and functions.

RESOURCES:

Cyber Security Ownership and Responsibility. (2016, March 14). Retrieved from https://freeformdynamics.com/information-management/cyber-security-ownership-and-responsibility/

Christina.robinson@nist.gov. (2019, March 18). NIST Risk Management Framework Webcast: A Flexible Methodology to Manage Information Security and Privacy Risk. Retrieved from https://www.nist.gov/news-events/events/2019/02/nist-risk-management-framework-webcast-flexible-methodology-manage

Sample Discussion 2

These will be the four best practices in the domains for IT infrastructure security policies not for the user domain.

· The institutional requirement will drive the implementation.

· The secure access will have to be reflected if goes to the cloud.

· The method should be a force for corporate properties without relating to the devices.

· It should be created base on mobility (Phifer, 2011).

These will be the four best practices in the domains for the IT infrastructure security policies except the User Doman.

1. The institutional requirement will give a drive for implementation: Some businesses use legacy remote access infrastructure and it determines the types used by the system and who can receive access from it. This is caused when it is unable to provide safe access using a home computer or a smartphone. It will be a portal for the mobile connection which is used for authentication, wireless communication that is encrypted and is used by one of the smartphones. There is a safe remote access solution, which has a limitation. When stocking the business access, it has needs as it relates the risks. It can map for possible solutions and uses the appropriate usage policy. Using a non-traditional way will be safe for access. There will be other alternatives which could aid the problems. There is a top-down requirement and a risk assessment (Phifer, 2011).

2. Relating secure access as it comes to the cloud: The remote access users’ needs a safe access when it comes to the network and secure access for the application and the messaging. These will provide a solution such as Exchange ActiveSync and the TLS-secured Outlook Web Access and these solutions will meet the need but cannot help with the other applications. Many employers can relate this to the user for their tablets, and smartphones when it shifts to the corporate VPN, for more capabilities as it becomes available. With the development, using the cloud service, it makes transferring in the selected application and it is more sensible. A stable cloud app can be rented for SMB in a simple process and not installed as an app for the in house. An endpoint agnostic can be done by a cloud service provider, which reflects a safe access for the application. The SMBs can receive this by email, CRN, and the ERF schedules, also using file sharing and a secured side known for teleconferencing. This does not satisfy, for corporate remote access requirements. The SMBs will see some major changes with these applications as it integrates with the provider for a secured server side. When it comes to the cloud application, the cloud intranet can be used and it allows the remote workers to have a safe environment even when not entering the corporate network (Phifer, 2011).

3. It can apply for the corporate properties instead of the device: With the independence for endpoint devices, it will play a large role in entertaining the remote access. But it does allow for the access to be in a wide array of devices but this does not mean overlooking it. As it comes to the devices, for it many types even for the protection in posture. Several remote-access VPN can recognize the endpoint system for characteristics, it evaluates the risks, and it can be installed for the necessary security programs and for configuration. This is done without an IT and user support feature. In the VPN for best practices, look and then jump, which is a constraint for the system form and its ownership. The tablets and smartphones can never hold for the same rigorous check that the notebook and laptops reflect by. The users for the non-corporate platforms can use the features for a fair standard for privacy. It can focus on the security strategies for securing the company assets and not the tools that is used to access them and avoid circumventing for a drain. This is shown by leaving the environment for the center. The endpoint computer can be isolated from the VDI alternative for the work environment (Phifer, 2011).

4. It will be constructed for mobility: When it comes to the new content and the communication tools this provides for implementing a mobile feature first for mentality. This wise advice can be used to protect and stop using safe access remotely. The modern endpoints will be roaming, it can be mobile during the business day, even for office and the home environment or a hotel. It cannot give all the remote access for the traffic as it reaches the corporate network via a perimeter system. As it relates to the risks, it can be different as these devices move between the public and the private networks. This reflects reliable and gap-free security, and it is required. The approach for the operation both on-and-off premises will determine the safe access extension or the alternative. The VPN clients reflect on JunOS Pulse and Cisco AnyConnect, for location-awareness, for transparent switching between security policies that can be suited for these networks. When using connectivity it aides and keeps the users logged in for the coverage gaps. Also, it reduces the impact for protection, when roaming occurs. The broken and duplicated policies can only frustrate for the consumer and it can be costly for the manager and this leads to errors. There can be a centralized compliance for the implementation and this does help with the IT (Information Technology) implement process. It will relate a clear access which is right for the enterprise as it wanders over the feature (Phifer, 2011).

This is the one Domain which is outside the user domain.

The LAN domain features the network devices which allows the flow for logical data within the infrastructure. It should relate to users that the network is effective, secure and stable. If a natural disaster should occur, the network systems goes to a feature that provides the redundancy as to maximize its reliability. With the redundancy, it will ensure that there will be no downtime for all of the networks involved. Even the network managers can combine the mesh and hybrid network as to reach a full mediation for a suitable area (Lacy, et al, 2012).

The LAN Domain is a network domain for the local area. It can be described as being a sub-network that is used by servers, users and is managed from a centralized database. The approval for the user is done using a central server or controller for its domain. When it comes to the word for the domain, it can be applied to website descriptors which relate the web address for a website or it can go to a sub-network for the LAN (Lacy, et al, 2012).

It will reflect on the following features:

· Switch - it’s related to hubs and switches. A hub is basically a computer that has many ports reflecting to the RJ-45. A link can be made for a user with many devices which a user has, even the signals will be transmitted from other devices which the hub has. It will be communicated to other connected devices for that hub. However, there can be several hubs that can resynchronize the signals but it will not determine where the signal should be sent to. For the incoming signal to exist these ports it will be separated from the others when the signal is received by the center. This reflects that for a certain time, that only one of these devices will be able to transmit (Zakaria, 2019).

· Router – A router can be used to connect two networks even if there is two LANs for a certain building or two LANs will be divided by WAN connection. It can be reflected that a router can link a LAN with a WAN. Even LAN can be linked with a WAN. This can be done as well (Zakaria, 2019).

· Firewall – A firewall can be a network for protecting devices or a program that protects a system. Both of these will be similar, but there is more traffic that needs to be managed such as using a hardware firewall. Both can be used to secure a large number of machines. A network firewall will be installed when the traffic is congested. It is a good position for the network's main switch, and the router can give Internet access. There is traffic monitoring and it flows for incoming and outgoing traffic to the user’s network. However, it will not only be the firewall that tracks the traffic. Also, it will deny the traffic but this depends on regulation for a firewall which is done by the system administrator. A decision can be harmful to the network and even the device. The guidelines for the firewall have control constraints that go to a packet that flows over, for incoming or outgoing traffic of the network (Zakaria, 2019).

· Flat network – The flat network will allow each similar computer, to have potential access to the other system without using the firewall, switch or router which has restrictions. This relates that the protective burden can be injected on the system for the network (Lacy, et al, 2012).

The following topics will be discussed and addressed thoroughly for each feature:

· When using the IT framework for selection: If the right framework is selected from the perspective of code maintenance it will affect its durability. When the code is not improved, preserved or extended, it will not to be used in the run. There can be uncertainty for the future as it relates to the development of certain technologies, then this should be avoided. But finding the right talent can be difficult to do when there is no state-of-the-art for development. The development of resources can influence the code and execution frequency. The framework has become popular in recent years, for using the reuse solution, use for the challenges and problems. It will be difficult for selecting a suitable framework because there will be many frameworks for the domain. When doing a project the selection can be an inappropriate framework or choosing a framework that has not been developed can lead to trouble. Choosing a structure for the application it can make or break the project. The absence in standardizing parameters and benchmarks will be contrasts/compare for the framework, it also will measure for strength, and evaluate if it is suitable for the framework when it comes to certain projects and this is another reason it will be difficult to choose a framework. There is not much research when it comes to access for appropriateness of the framework. There will be two sides to the development of the system. The speed for development is a crucial factor because the user does not know how long it will take to make it before implementation happen. This affects the business in cost based on team size. The end-user will care about how fast and how smoothly the device can work. Some users will become impatient before discovering the functioning of the process.

· This shows when to modify existing policies that belong to other organizations versus creating a policy from scratch: However, this will apply to businesses even larger businesses, a corporation can start a new strategy for directions and it will not be intended to formulate changes for worker's progress for their life in the work environment. This will relate to several broad policy changes. These will show solutions that help the company when it thrives and protects the company from challenges such as recognizing risks and reflecting the attempts as to fix the problem. These services will be governed by official and unofficial regulations in many ways. These regulations can be modified as to ensure the programs and services will do what it meant to do. With the provision of the service, which is for the general public or a target group. It will regulate the level of the policies. In the policy, there is a creator and a consumer that can be federal or state government representatives, and public or private funders, even the delivery service company. These policies will relate quality and the kinds of improvements for the consumer if a service impact should happen. The types of policies that people use will ensure the programs for effectiveness. Be sure that these programs address the requirements for the target population or society. And make sure it can be accessed by those who cost-effectively need them.

· There is flexibility for the policy: When a system shows it has a flexible policy it will support a wide range for security measures. The security policies can be classified by certain characteristics, such as things. It also includes the need to revoke access that is recently given, the features for information needs to make decisions for access, there should be responsiveness for the policy decision as it relates to the external factors, for context or climate, even the transitivity for access actions. It will also focus on revocation which is the hardest feature for endorsing these characteristics. When using flexibility for the security policy it tempts to produce a list for all the potential security policies and it describes flexibility in that list. This guarantees the concept as it reflects the actual view for the degree of flexibility. It can be stated as being impractical, sadly. The security policies for computer devices can be restricted for the tools available in these systems and it will not coherent for the security policies implemented for the computer. The term for flexibility for security policy can reflect the computer system as stated for the machine which executes an atomic operation as it moves from one state to the next. In model terms, it is a system that relates as to give total flexibility for the security policy and it can atomically impose it on any procedure that is conducted by the system and it enables the operation to continue, or deny the procedure, or inject the operation. When this happens the security policy then decides for awareness for the whole current state, and the current state for the system can reflect on the device for past usage. It can be feasible as it reflects across these access for requests, it will be modified and revoke for the early given access.

· There is cohesiveness: Cohesiveness refers to the degree for the components and where it belongs and together within the module. It also can be a measure for the strength of the relationship between these classes such as methods, data, and the unity for intent or the principle by which a class serves. It can also measure the strength in the relationship between all these methods for the data and the class. Cohesion can be an ordinary measure feature and can be called low cohesion or a high cohesion. The preferred one will be the high-cohesion modules. The high cohesion can be correlated with desirable software traits which show robustness, reliability, reusability, and understandability. Low cohesion is associated with the unwanted traits and relates to being harder as to maintain, even for measurement which is reuse as it understands.

· Coherency: Coherency, it ensures the system bus masters the ability to see the same memory view. Coherency for the cache reflects on all elements that have the same percepts for the shared data. Such as the user needs a pair of eyes for the same perspective for seeing accurately. It will be important to perceive the consistent in data for each of the IP blocks which has access to the shared data source. Coherency is an arrangement that is reached for a shared memory network that comes between different individuals that access a storage location for the order of values and this place will be observed as to take. The hardware-maintained coherency for the existence of caches as it alleviates software. There is a process for wiping the caches so that it drives the updated information to memory. It will reflect on other entities for sight and it will provide important performance benefits for the application. The modern shared-memory system can give it consistency for the hardware cache. The coherency will be a vital determinant for certain alloy film properties. An epitaxial layer has a parameter for the bulk lattice and it can vary from the substrate. When the layer is consistent with the layer it will be consistent with the substratum, and it can be mechanically stretched. And the electronic, optoelectronic, properties can be modified using the stress-induced modification for the structure used by the electronic bands. When the layer is not compatible with the substratum there can be a structural defect, with many that degrade the output in the semiconductor devices.

· Ownership: Ownership reflects the state, action or the right to own something, it also possesses something. It can also be applied to the proprietorship for an organization even a party. This shows that it is exclusive and final with legal rights for legitimate a claim or title. A person can possess, enjoy, sell, give away or bequeath or eliminate their belongings. It also relates the selling of the property and the objects a person owns. Ownership relates to the condition or the nature for the exclusive rights also the ownership over the property that can be entity, land or the immovable property even intellectual property. Ownership reflects the various rights which can be divided and also be retained by different individuals, this refers to the title. In the ownership process, the concepts can be very complicated. These will be the ways for the process such as obtain, move, lost for the ownership as for property. It can obtain land, brought with money, use exchange for another area of land. It also can be won by betting, it can be received as a gift. A person can also find the source, inherit it, receive it from damages, even gain it from work, and provide the service, and use it for a homestead. It can be transferred, even when it is considered loss property, reflects on selling for money and transferring to another property. It can be offered as a gift and many more objectives.

References:

Lacy, G., Fielder, T., Demmler, M., & Thavisay, J. (2012). LAN Domain Network Security Best Practices. Company Co. Inc. LLC. Retrieved on March 28, 2020, from http://personal.utulsa.edu/~james-childress/cs5493/Projects2012/CCI_BestPractices.pdf.

Phifer, L. (2011). 5 Best Practices for Securing Remote Access. eSecurity Planet. Retrieved on March 28, 2020, from https://www.esecurityplanet.com/security-how-to/5-Best-Practices-for-Securing-Remote-Access-3937121.htm.

Zakaria, M. (2019). Necessary Network Trio: Switches vs Firewalls vs Routers. Field Engineer. Retrieved on March 28, 2020, from https://www.fieldengineer.com/blogs/switches-firewalls-routers-differences.