Potential risks and mitigations in seven domains of IT Infrastructure
Oskar Ablimit
Cloudflare Enterprise Account Executive | Engineering in Cloud Computing |@ex-AWS| @ex-Alicloud | @ex-Tencent Cloud
During my Cybersecurity and Privacy course, we have learned about potential risks and mitigations in seven domains of IT infrastructure, and I found this topic quite helpful and relevant to my focus, thus I made a brief summary as a blog post and am sharing it with you here.
1. User Domain
The user domain refers to the employees who use an organization's IT infrastructure. The potential risks in this domain include unauthorized access, lack of user awareness, policy violations, and user destruction of systems, applications, or data.
To mitigate these risks, organizations should conduct security awareness training, display security awareness posters, and send email reminders to employees. They should also implement an acceptable use policy, update the staff manual and handbook, and discuss these policies during performance reviews. Content filtering and antivirus scanning of email attachments should also be enabled. Restricting each user's access to only those systems, applications, and data needed to perform their job, and tracking and monitoring abnormal employee behavior, including use of the IT infrastructure during off-hours, also help mitigate these risks.
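As an added example (not part of the original post), the following Python script shows the last mitigation above in working form: it replays a small set of constructed access records against a hypothetical policy of business hours and per-role system entitlements, flagging off-hours use and access to systems a user's job does not require. The business hours, roles, user-to-role mapping and records are assumptions chosen for illustration.

```python
"""Flag abnormal employee access: off-hours use and access to systems
outside the user's role. Added example; policy and records are constructed."""
from datetime import datetime, time

# Hypothetical policy: business hours and the systems each role may use.
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)
WEEKEND = {5, 6}  # Saturday, Sunday (datetime.weekday numbering)

ROLE_SYSTEMS = {
    "finance": {"erp", "payroll"},
    "hr": {"hris", "payroll"},
    "engineering": {"gitlab", "ci"},
}
USER_ROLE = {"alice": "finance", "bob": "engineering", "carol": "hr"}

# Constructed access records: (timestamp, user, system).
RECORDS = [
    ("2024-03-04 09:15:00", "alice", "erp"),      # Monday, in hours, entitled
    ("2024-03-04 23:40:00", "alice", "erp"),      # entitled, but off-hours
    ("2024-03-05 10:02:00", "bob", "gitlab"),     # normal
    ("2024-03-05 10:05:00", "bob", "payroll"),    # system outside bob's role
    ("2024-03-09 14:00:00", "carol", "hris"),     # Saturday: off-hours
    ("2024-03-06 02:10:00", "dave", "erp"),       # unknown account, at night
]


def is_off_hours(ts: datetime) -> bool:
    """True on weekends or outside the business-hours window."""
    return ts.weekday() in WEEKEND or not (BUSINESS_START <= ts.time() < BUSINESS_END)


def entitled(user: str, system: str) -> bool:
    """Least privilege: a user may only touch systems mapped to their role.
    Unknown users are entitled to nothing."""
    role = USER_ROLE.get(user)
    return role is not None and system in ROLE_SYSTEMS[role]


def find_anomalies(records):
    """Return (user, system, reason) for every policy violation in the records.
    A record can produce two findings (not entitled and off-hours)."""
    findings = []
    for ts_str, user, system in records:
        ts = datetime.strptime(ts_str, "%Y-%m-%d %H:%M:%S")
        if not entitled(user, system):
            findings.append((user, system, "not entitled"))
        if is_off_hours(ts):
            findings.append((user, system, "off-hours"))
    return findings


if __name__ == "__main__":
    for user, system, reason in find_anomalies(RECORDS):
        print(f"ALERT {reason}: {user} -> {system}")
```

In practice the role table would come from the identity provider and the records from authentication logs; the point of the example is that the "needed to perform their job" rule and the off-hours rule are both mechanical checks once those two inputs exist.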
2. Workstation Domain
The workstation domain refers to an individual's computer, laptop, or mobile device. The potential risks in this domain include unauthorized access to workstations, systems, applications, and data, vulnerabilities in the operating system and application software, and infection of workstations by viruses, malicious code, or malware.
To mitigate these risks, organizations should enable password protection on workstations, enable automatic screen lockout after a period of inactivity, and define strict access control policies, standards, procedures, and guidelines. They should also implement a second level or layer of authentication for applications that contain sensitive data, define vulnerability window policies and standards for workstation operating systems and application software (that is, the maximum time a known vulnerability may remain unpatched), and apply workstation antivirus and malicious code policies, standards, procedures, and guidelines.
3. LAN Domain
The LAN domain refers to the local area network of an organization. The potential risks in this domain include unauthorized access to LAN, systems, applications, and data, server operating system vulnerabilities, and unauthorized access by rogue users on wireless LANs.
To mitigate these risks, organizations should make sure that wiring closets, data centers, and computer rooms are physically secured. They should also define strict access control policies, standards, procedures, and guidelines, restrict users' access to LAN folders and grant read/write/delete privileges on specific documents only as needed, define server/desktop/laptop vulnerability window policies, and conduct periodic LAN domain vulnerability assessments.
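Both the workstation domain and the LAN domain above call for vulnerability window policies, that is, a maximum time a known vulnerability may stay unremediated on a given class of device. Here is an added example, not from the original post, of how such a policy can be checked against a findings inventory: each finding is compared with a window that depends on domain and severity and is reported as ok, breached (fixed late), open, or overdue. The window lengths, host names, finding labels (placeholders, not real vulnerability identifiers) and report date are constructed for illustration.

```python
"""Vulnerability window compliance check for workstation and LAN server findings.
Added example; policy values, hosts and finding labels are constructed."""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical policy: maximum days allowed between disclosure and
# remediation, keyed by (domain, severity). Illustrative values only.
WINDOW_DAYS = {
    ("workstation", "critical"): 7,
    ("workstation", "high"): 30,
    ("lan_server", "critical"): 3,
    ("lan_server", "high"): 14,
}


@dataclass
class Finding:
    host: str
    domain: str
    label: str                  # placeholder identifier, not a real CVE
    severity: str
    disclosed: date
    remediated: Optional[date]  # None means still open


def days_open(f: Finding, today: date) -> int:
    """Days from disclosure to remediation, or to today if still open."""
    end = f.remediated if f.remediated is not None else today
    return (end - f.disclosed).days


def window_status(f: Finding, today: date) -> str:
    """Classify a finding against the policy window.
    ok: remediated inside the window; breached: remediated, but late;
    open: not yet remediated but still inside the window; overdue: open past it."""
    limit = WINDOW_DAYS[(f.domain, f.severity)]
    elapsed = days_open(f, today)
    if f.remediated is None:
        return "overdue" if elapsed > limit else "open"
    return "ok" if elapsed <= limit else "breached"


def report(findings, today: date) -> dict:
    """Map 'host/label' to its status so the result can be alerted on."""
    return {f"{f.host}/{f.label}": window_status(f, today) for f in findings}


# Constructed inventory of findings and the date the report is run.
REPORT_DATE = date(2024, 3, 20)
FINDINGS = [
    Finding("ws-017", "workstation", "F-1", "critical", date(2024, 3, 1), date(2024, 3, 5)),
    Finding("ws-042", "workstation", "F-2", "high", date(2024, 2, 1), date(2024, 3, 15)),
    Finding("srv-db1", "lan_server", "F-3", "critical", date(2024, 3, 10), None),
    Finding("srv-web2", "lan_server", "F-4", "high", date(2024, 3, 15), None),
]

if __name__ == "__main__":
    for key, status in report(FINDINGS, REPORT_DATE).items():
        print(f"{key}: {status}")
```

The same check applies to any other device class once its window is in the policy table; the useful output for a periodic vulnerability assessment is the overdue set, which is what the LAN domain mitigation above is meant to drive to zero.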
4. WAN Domain
The WAN domain refers to the wide area network of an organization. The potential risks in this domain include insecure TCP/IP applications (such as legacy protocols that carry data and credentials in cleartext), delivery of Trojans, worms, and other malicious software by hackers, attackers, and perpetrators over email, and the open, public, and easily accessible nature of the networks involved.
To mitigate these risks, organizations should implement firewalls, intrusion detection and prevention systems, and VPNs. They should also restrict access to insecure applications, implement secure email protocols, and require multi-factor authentication for remote access.
5. Remote Access Domain
The remote access domain refers to employees accessing the organization's network from remote locations. The potential risks in this domain include unauthorized access, stolen credentials, and man-in-the-middle attacks.
To mitigate these risks, organizations should implement VPNs, multi-factor authentication, and endpoint protection. They should also restrict remote access to authorized users and require the use of company-owned devices or properly secured BYOD devices.
6. System/Application Domain
The system/application domain refers to servers and applications that support an organization's IT infrastructure. The potential risks in this domain include unauthorized access, software vulnerabilities, and data breaches.
To mitigate these risks, organizations should implement access control policies, standards, procedures, and guidelines, perform regular software
7. LAN-to-WAN Domain
The LAN-to-WAN domain is the boundary where the organization's internal network connects to the internet. The potential risks in this domain include repeated logon retries and other access control attacks, unauthorized remote access to IT systems, applications, and data, compromise of private or confidential data, data leakage in violation of data classification standards, theft of mobile workers' laptops or authentication tokens, DoS/DDoS attacks on internet links, and vulnerabilities in the operating system software of IP routers, firewalls, and other network appliances.
To mitigate these risks, organizations should conduct post-configuration penetration tests, enforce data classification standards, and apply file transfer monitoring, scanning, and alarming. They should also disable ping, probing, and port scanning on exterior-facing devices, apply strict security monitoring controls for intrusion detection and prevention, and define a zero-day vulnerability window. Upstream ISPs should be engaged to help filter DoS/DDoS traffic before it saturates the internet links, and router, firewall, and network appliance operating systems must be kept patched within the defined window. By implementing these measures, organizations can secure their LAN-to-WAN connection and reduce the likelihood of breaches or unauthorized access.
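As an added example, not from the original post, the detection below addresses the first risk listed for this domain, repeated logon retries. It parses constructed syslog-style lines from a hypothetical VPN gateway sitting at the LAN-to-WAN boundary, counts failures per source address within a sliding window, and records the moment a source crosses the lockout threshold. The log format, host name, threshold, window length and addresses (drawn from the documentation ranges) are assumptions.

```python
"""Detect repeated logon failures at the LAN-to-WAN boundary and decide lockouts.
Added example; the log lines, their format, threshold and window are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                # hypothetical policy: lock after 5 failures
WINDOW = timedelta(minutes=10)  # ...within any 10-minute sliding window

# Assumed syslog-style format of a hypothetical VPN gateway ("vpn-gw").
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) vpn-gw auth: "
    r"(?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>[\d.]+)$"
)

# Constructed sample log: 198.51.100.20 is a legitimate user who mistypes twice,
# 203.0.113.5 sprays several accounts within a minute, 192.0.2.9 fails slowly.
SAMPLE_LOG = """\
2024-03-04T08:00:00 vpn-gw auth: FAIL user=alice src=198.51.100.20
2024-03-04T08:00:20 vpn-gw auth: FAIL user=alice src=198.51.100.20
2024-03-04T08:00:45 vpn-gw auth: OK user=alice src=198.51.100.20
2024-03-04T08:01:00 vpn-gw auth: FAIL user=admin src=203.0.113.5
2024-03-04T08:01:10 vpn-gw auth: FAIL user=root src=203.0.113.5
this line is not an auth record and must be skipped
2024-03-04T08:01:20 vpn-gw auth: FAIL user=alice src=203.0.113.5
2024-03-04T08:01:30 vpn-gw auth: FAIL user=bob src=203.0.113.5
2024-03-04T08:01:40 vpn-gw auth: FAIL user=carol src=203.0.113.5
2024-03-04T08:01:50 vpn-gw auth: FAIL user=dave src=203.0.113.5
2024-03-04T08:05:00 vpn-gw auth: FAIL user=erin src=192.0.2.9
2024-03-04T08:17:00 vpn-gw auth: FAIL user=erin src=192.0.2.9
2024-03-04T08:29:00 vpn-gw auth: FAIL user=erin src=192.0.2.9
2024-03-04T08:41:00 vpn-gw auth: FAIL user=erin src=192.0.2.9
2024-03-04T08:53:00 vpn-gw auth: FAIL user=erin src=192.0.2.9
"""


def parse(line):
    """Return (timestamp, result, user, src), or None for lines in another format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def detect_lockouts(lines, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {src: (lockout_time, accounts_tried)} for every source whose
    failures reach max_failures inside the sliding window.
    Lines are assumed to arrive in time order."""
    recent = defaultdict(deque)  # src -> timestamps of failures still in the window
    users = defaultdict(set)     # src -> accounts attempted by that source
    lockouts = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, src = rec
        if src in lockouts:
            continue              # already locked; the gateway would drop this
        if result == "OK":
            recent[src].clear()   # a successful logon resets that source's count
            continue
        q = recent[src]
        q.append(ts)
        users[src].add(user)
        while q and ts - q[0] > window:
            q.popleft()           # expire failures older than the window
        if len(q) >= max_failures:
            lockouts[src] = (ts, sorted(users[src]))
    return lockouts


if __name__ == "__main__":
    for src, (when, tried) in detect_lockouts(SAMPLE_LOG.splitlines()).items():
        print(f"lock {src} at {when.isoformat()} after attempts on {tried}")
```

Counting per source address is the minimum; a password-spraying attacker who rotates addresses against one account would need the mirror-image check, failures per account across all sources, and a slow attacker such as 192.0.2.9 above is exactly what the intrusion detection controls listed for this domain are there to catch.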