Welcome to Bucaro TecHelp!

Bucaro TecHelp
Maintain Your Computer and Use it More Effectively
to Design a Web Site and Make Money on the Web

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Each year 1.5 million shelter animals are euthanized (670,000 dogs and 860,000 cats). Source: ASPCA. The solution is not to shelter unwanted pets, but to SHUT DOWN THE PET MILLS. Anyone who wants a pet will just have to adapt a great pet from a shelter.

Holiday Gift Guide
Holiday Gift Guide

Network Security Model - Defining an Enterprise Security Strategy

Overview

These are the five primary security groups that should be considered with any enterprise security model. These include security policy, perimeter, network, transaction and monitoring security. These are all part of any effective company security strategy.

Any enterprise network has a perimeter that represents all equipment and circuits that connect to external networks both public and private. The internal network is comprised of all the servers, applications, data, and devices used for company operations. The demilitarized zone (DMZ) represents a location between the internal network and the perimeter comprised of firewalls and public servers. It that allows some access for external users to those network servers and denies traffic that would get to internal servers.

That doesn't mean that all external users will be denied access to internal networks. On the contrary, a proper security strategy specifies who can access what and from where. For instance telecommuters will use VPN concentrators at the perimeter to access Windows and Unix servers. As well business partners could use an Extranet VPN connection for access to the company S⁄390 Mainframe.

Define what security is required at all servers to protect company applications and files. Identify transaction protocols required to secure data as it travels across secure and non-secure network segments. Monitoring activities should then be defined that examine packets in real time as a defensive and pro-active strategy for protecting against internal and external attacks.

A recent survey revealed that internal attacks from disgruntled employees and consultants are more prevalent than hacker attacks. Virus detection should then be addressed since allowed sessions could be carrying a virus at the application layer with an e-mail or a file transfer.

Security Policy Document

The security policy document describes various policies for all employees that use the enterprise network. It specifies what an employee is permitted to do and with what resources. The policy includes non-employees as well such as consultants, business partners, clients and terminated employees. In addition security policies are defined for Internet e-mail and virus detection. It defines what cyclical process if any is used for examining and improving security.

Perimeter Security

This describes a first line of defense that external users must deal with before authenticating to the network. It is security for traffic whose source and destination is an external network. Many components are used to secure the perimeter of a network. The assessment reviews all perimeter devices currently utilized. Typical perimeter devices are firewalls, external routers, TACACS servers, RADIUS servers, dial servers, VPN concentrators and modems.

Network Security

This is defined as all of the server and legacy host security that is implemented for authenticating and authorizing internal and external employees. When a user has been authenticated through perimeter security, it is the security that must be dealt with before starting any applications. The network exists to carry traffic between workstations and network applications.

Network applications are implemented on a shared server that could be running an operating system such as Windows, Unix or Mainframe MVS. It is the responsibility of the operating system to store data, respond to requests for data and maintain security for that data. Once a user is authenticated to a Windows ADS domain with a specific user account, they have privileges that have been granted to that account. Such privileges would be to access specific directories at one or many servers, start applications, and administer some or all of the Windows servers.

RSS Feed RSS Feed


Follow Stephen Bucaro Follow @Stephen Bucaro


Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2017 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268