IT Infrastructure Security-Step by Step
While reviewing various papers and books on security, and some security breach incidents, I realized that that there are not many resources available that provide a stepby-step approach for building comprehensive security systems. Most of the existing material talks about particular security breaches or security holes and their remedies.
Read the Article
|
The OSI Model: An Overview
The original objective of the OSI model was to provide a set of design standards for equipment manufacturers so they could communicate with each other. The OSI model defines a hierarchical architecture that logically partitions the functions required to support system-to-system communication.
Read the Article
|
Security Architecture Model Component Overview
In the dynamic world in which companies operate, securing transactions, data, and infrastructure components is much more complicated. A successful security architecture combines a heterogeneous combination of policies and leading practices, technology, and a sound education and awareness program. The recipe for pulling these components together to meet the standards set forth in the policies is the security architecture.
Read the Article
|
Securing out-of-band device management
In networks with critical core components, securing device access while maintaining the ability to provide emergency maintenance is crucial. Often, a console port, craft port, dedicated Ethernet management port or other out-of-band access must be used to recover failed devices or systems. For large networks, these devices are frequently located at remote or inaccessible locations. However, leaving the management ports attached directly or via modem presents a security hole. The network infrastructure may be very secure with firewalls, IDS, and encryption systems while core access to the device's management ports is often neglected. This paper will outline vulnerabilities of out-of-band managed systems and devices, provide worksheets for helping to ensure security and give examples of possible architectures for secure remote access.
Read the Article
|
Security Considerations for Extranets
Increasingly extranets are being used by organizations to conduct e-business operations. However, an extranet must be properly planned, implemented and maintained to ensure that it does not pose an unacceptable risk to an organization's internal data and information systems. This paper identifies potential risks associated with extranets and the actions that can be taken to mitigate against them.
Read the Article
|
Information Systems Security Architecture: A Novel Approach to Layered Protection
The purpose of this paper is to demonstrate how to develop an information systems security architecture in a complex environment with few security measures in place. The case study illustrated will provide the reader with a set of guidelines that can be used to develop security architecture components that allow for scalable and secure IT infrastructure.
Read the Article
|
An Architectural Framework to Achieve an Enterprise Infranet
The goal is to design a secure and assured networking environment that provides differentiated services to all user constituents, irrespective of location in the network. This is the spirit of what an Infranet can provide. As defined by the Infranet Initiative Council (IIC), a cross-section of industry leaders focused on driving Infranet development and deployment, an Infranet is a network that combines the reach of the Internet with the assured performance and security of private networks to support all communications.
Read the Article
|
Get Serious About SOA Governance: A 5-Step Action Plan for Architects ~ Sponsor
Build an airtight yet flexible governance plan to avoid risk and get the most out of SOA investment. In this white paper, you'll learn why governance is so crucial to reaping the full benefits of Service-Oriented Architecture (SOA). Learn how the lack of governance can expose your organization to serious risks; discover five key practices to consider as you build your SOA governance plan; understand the importance of flexibility and enforcement; and more.
Read the Article
|
Security Architecture and Models
This article parallels the CISSP Domain 6. Two concepts one needs to know are security model and security policy. The Security Policy outlines several high level points: how the data is accessed, the amount of security required, and what the steps are when these requirements are not met. The security model is more in depth and supports the security policy.
Read the Article
|
