Overview
These are the 5 primary security groups that should be considered with any enterprise security model. These include security policy, perimeter, network, transaction and monitoring security. These are all part of any effective company security strategy. Any enterprise network has a perimeter that represents all equipment and circuits that connect to external networks both public and private. The internal network is comprised of all the servers, applications, data, and devices used for company operations. The demilitarized zone (DMZ) represents a location between the internal network and the perimeter comprised of firewalls and public servers. It that allows some access for external users to those network servers and denies traffic that would get to internal servers. That doesn’t mean that all external users will be denied access to internal networks. On the contrary, a proper security strategy specifies who can access what and from where. For instance telecommuters will use VPN concentrators at the perimeter to access Windows and Unix servers. As well business partners could use an Extranet PCI compliance connection for access to the company S/390 Mainframe. Define what security is required at all servers to protect company applications and files. Identify transaction protocols required to secure data as it travels across secure and non-secure network segments. Monitoring activities should then be defined that examine packets in real time as a defensive and pro-active strategy for protecting against internal and external attacks. A recent survey revealed that internal attacks from disgruntled employees and consultants are more prevalent than hacker attacks. Virus detection should then be addressed since allowed sessions could be carrying a virus at the application layer with an e-mail or a file transfer.
Security Policy Document
The security policy document describes various policies for all employees that use the enterprise network. It specifies what an employee is permitted to do and with what resources. The policy includes non-employees as well such as consultants, business partners, clients and terminated employees. In addition security policies are defined for Internet e-mail and virus detection. It defines what cyclical process if any is used for examining and improving security.
Perimeter Security
This describes a first line of defense that external users must deal with before authenticating to the network. It is security for traffic whose source and destination is an external network. Many components are used to secure the perimeter of a network. The assessment reviews all perimeter devices currently utilized. Typical perimeter devices are firewalls, external routers, TACACS servers, RADIUS servers, dial servers, VPN concentrators and modems.
Network Security
This is defined as all of the server and legacy host security that is implemented for authenticating and authorizing internal and external employees. When a user has been authenticated through perimeter security, it is the security that must be dealt with before starting any applications. The network exists to carry traffic between workstations and network applications. Network applications are implemented on a shared server that could be running an operating system such as Windows, Unix or Mainframe MVS. It is the responsibility of the operating system to store data, respond to requests for data and maintain security for that data. Once a user is authenticated to a Windows ADS domain with a specific user account, they have privileges that have been granted to that account. Such privileges would be to access specific directories at one or many servers, start applications, and administer some or all of the Windows servers. When the user authenticates to the Windows Active Directory Services distributed it is not any specific server. There is tremendous management and availability advantages to that since all accounts are managed from a centralized perspective and security database copies are maintained at various servers across the network. Unix and Mainframe hosts will usually require logon to a specific system, however the network rights could be distributed to many hosts.