Network Security Model - Defining an Enterprise Security Strategy
By Shaun Hummel
Overview
Five primary security groups should be considered in any enterprise security model:
security policy, perimeter, network, transaction and monitoring security. All of them are
part of any effective company security strategy.
Any enterprise network has a perimeter, which represents all equipment and circuits that
connect to external networks, both public and private. The internal network comprises all
the servers, applications, data and devices used for company operations. The demilitarized
zone (DMZ) sits between the internal network and the perimeter and is made up of firewalls
and public servers. It allows some access for external users to those public servers and
denies traffic that would otherwise reach internal servers.
That doesn't mean that all external users will be denied access to internal networks.
On the contrary, a proper security strategy specifies who can access what and from where.
For instance, telecommuters use VPN concentrators at the perimeter to access Windows
and Unix servers, and business partners could use an Extranet VPN connection to access
the company S/390 Mainframe.
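The "who can access what and from where" rule for the DMZ, VPN and Extranet paths just described, encoded as a small first-match policy with default deny. This is an added example, not code from the article; the zone, server-group, service and role names are assumptions constructed for illustration.

```python
# Added example (not from the article): a zone-based access policy that
# encodes "who can access what and from where" for the perimeter, DMZ and
# internal network. Zone, server-group, service and role names are assumed.
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for a rule field


@dataclass(frozen=True)
class Rule:
    src_zone: str            # where the session enters from
    dst_group: str           # which server group it is trying to reach
    service: Optional[str]   # protocol/service, or ANY
    role: Optional[str]      # authenticated role required, or ANY (no auth)
    action: str              # "allow" or "deny"

    def matches(self, src_zone, dst_group, service, role):
        return (self.src_zone == src_zone and self.dst_group == dst_group
                and self.service in (ANY, service)
                and self.role in (ANY, role))


# First-match rule base. Anything not explicitly allowed is denied.
ENTERPRISE_POLICY = [
    # Public users reach only the DMZ web servers, and only over HTTPS.
    Rule("internet", "public-web", "https", ANY, "allow"),
    # Telecommuters terminate on the VPN concentrator at the perimeter and,
    # once authenticated there, reach the Windows and Unix servers.
    Rule("vpn", "windows-servers", ANY, "telecommuter", "allow"),
    Rule("vpn", "unix-servers", ANY, "telecommuter", "allow"),
    # Business partners use the Extranet VPN and reach only the mainframe.
    Rule("extranet", "mainframe", "tn3270", "partner", "allow"),
]


def decide(src_zone, dst_group, service, role=None, policy=ENTERPRISE_POLICY):
    """Return 'allow' or 'deny' for one session using first-match semantics.
    role=None means the session was not authenticated at the perimeter."""
    for rule in policy:
        if rule.matches(src_zone, dst_group, service, role):
            return rule.action
    return "deny"  # default deny: internal servers are never reachable by accident


def audit(policy=ENTERPRISE_POLICY):
    """List every (source zone, role, destination group) some rule allows:
    the access table a perimeter assessment should be able to produce."""
    return sorted({(r.src_zone, r.role or "anonymous", r.dst_group)
                   for r in policy if r.action == "allow"})
```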
Define what security is required at all servers to protect company applications and
files. Identify the transaction protocols required to secure data as it travels across
secure and non-secure network segments. Then define monitoring activities that examine
packets in real time as a defensive, proactive strategy for protecting against internal
and external attacks.
A recent survey revealed that internal attacks from disgruntled employees and consultants
are more prevalent than hacker attacks. Virus detection should then be addressed, since
allowed sessions could carry a virus at the application layer in an e-mail or a file
transfer.
Security Policy Document
The security policy document describes the various policies for all employees who use
the enterprise network. It specifies what an employee is permitted to do and with what
resources. The policy covers non-employees as well, such as consultants, business
partners, clients and terminated employees. In addition, security policies are defined
for Internet e-mail and virus detection. It also defines what cyclical process, if any,
is used for examining and improving security.
Perimeter Security
This describes the first line of defense that external users must deal with before
authenticating to the network. It secures traffic whose source and destination are
external networks. Many components are used to secure the perimeter of a network. The
assessment reviews all perimeter devices currently in use. Typical perimeter devices are
firewalls, external routers, TACACS servers, RADIUS servers, dial servers, VPN
concentrators and modems.
Network Security
This is defined as all of the server and legacy host security implemented for
authenticating and authorizing internal and external employees. Once a user has been
authenticated through perimeter security, this is the security that must be dealt with
before starting any applications. The network exists to carry traffic between
workstations and network applications.
Network applications are implemented on a shared server that could be running an
operating system such as Windows, Unix or mainframe MVS. It is the responsibility of the
operating system to store data, respond to requests for data and maintain security for
that data. Once a user is authenticated to a Windows ADS domain with a specific user
account, they hold the privileges that have been granted to that account. Such privileges
would be to access specific directories on one or many servers, start applications, and
administer some or all of the Windows servers.