Friday, July 19

Abdullah Alshehri, Associate Director of Security Operations at Red Sea Global, Explores the Seven Domains of a Standard IT Infrastructure

Abdullah Alshehri, currently the Associate Director in the Security Department at Red Sea Global (RSG) in Umluj, Saudi Arabia, has a wealth of expertise in safeguarding organizations against digital threats. With over 14 years of experience in the field, Abdullah provides, in this article, insight into the seven domains that form the essential foundation of a standard IT infrastructure. His extensive knowledge and leadership lead us into the critical realm of IT security.

Organizations of all sizes are exposed to many types of cyberattack in cyberspace, which requires them to strengthen their IT security. IT professionals adopt best security practices to mitigate these threats by implementing countermeasures in each of the seven domains of the IT infrastructure. These domains are regarded as the attackers’ portals, so it is important to protect each domain and eliminate all possible vulnerabilities to prevent cyberattacks. So, what are these seven domains?

Abdullah Alshehri, Associate Director-Security Operations, Red Sea Global

1. User domain

The user domain comes first: it is the end user who accesses the organization’s IT infrastructure from either inside or outside the network. People are often the weakest link in IT security. Without addressing the risks associated with users, the strongest technical and physical security cannot protect a company from cyberthreats. To mitigate threats and risks in this domain, the company must establish and implement strong security controls and policies, including robust password policies, 2FA (Two-Factor Authentication), an acceptable use policy (AUP), and access privilege management, and conduct an employee training and awareness program about cybersecurity threats.
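As an added illustration of what a "robust password policy" means in practice (example code written for this page, not from the article or from Red Sea Global), the checker below enforces a minimum length, a minimum number of character classes, no username inside the password, no entry from a common-password list, and no long runs of one repeated character. The policy values and the tiny common-password set are assumptions chosen for the example; a real deployment checks against a full breached-password corpus.

```python
import re
from typing import List

MIN_LENGTH = 12   # assumed policy value; set to the organization's own standard
MIN_CLASSES = 3   # out of: lowercase, uppercase, digit, symbol

# Constructed stand-in for a breached/common-password list (six entries only so
# the example stays self-contained; production uses a full corpus).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "welcome", "letmein", "iloveyou"}

CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]")


def password_violations(password: str, username: str) -> List[str]:
    """Return every policy rule the candidate password breaks (empty list = acceptable)."""
    problems: List[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(1 for pattern in CHARACTER_CLASSES if re.search(pattern, password))
    if classes < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    # Strip trailing digits and symbols so "Password123!" is still caught as "password".
    base = re.sub(r"[\d\W_]+$", "", password.lower())
    if password.lower() in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    if re.search(r"(.)\1{3,}", password):
        problems.append("repeats one character four or more times")
    return problems


def is_acceptable(password: str, username: str) -> bool:
    """Convenience wrapper for an account-creation or password-change form."""
    return not password_violations(password, username)


if __name__ == "__main__":
    # Constructed candidates, each paired with the username of the account.
    for candidate, user in [("Password123!", "bob"), ("Summer2024!", "alice"),
                            ("alice_Rocks_2024", "alice"), ("Tr0ub4dor&3-Lighthouse", "bob")]:
        verdict = password_violations(candidate, user)
        print(f"{candidate!r:26} -> {'OK' if not verdict else '; '.join(verdict)}")
```

The trailing-suffix stripping is the part most often missed in home-grown checkers: users who are forced to rotate passwords tend to append a digit or symbol to a dictionary word, which a plain set lookup would accept.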

2. Workstation domain

The workstation domain is the next layer that needs strong security controls. This domain contains the devices used to access the organization’s IT infrastructure (PCs, laptops, smartphones, etc.). A user’s workstation can be infected by viruses or malware and can be accessed by hackers; therefore, the company should harden all computers used by its employees and adopt a defense-in-depth strategy. Hardening is the process of making a computer more resistant to intrusion and malicious attack. It is done by implementing strong controls through software revisions, security patches, system configuration, and the use of antivirus, anti-malware, and workstation login IDs/passwords.

3. LAN domain

The third layer is the LAN domain, which includes all the technologies that establish the local area network and connect it to the organization’s IT infrastructure. The LAN is a prime target for cyberattacks, so it needs strong controls in place. Segmentation is a good practice: the network is divided between different kinds of users (employees vs. visitors), which ensures that outsiders who connect to the network cannot infect it with malware. In addition, the firewall should apply egress filtering to limit users’ access to the Internet. Usually, users need access to ports 80/443; other ports should be authorized case by case. Users should not be able to reach the Internet on every port, so as to avoid infection by malware or botnets. IT also needs to apply network security protocols to encrypt communication and ensure that data transported over the network’s connections stays safe and secure.

4. LAN-to-WAN domain

The LAN-to-WAN domain is where the IT infrastructure connects to the Internet. In this complex domain, important security controls need to be applied. All security appliances in this domain must be configured to comply with policy definitions, including the following: (1) IP routers, which transport IP packets to and from the Internet, need to be logically configured with access control lists that filter traffic (permit or deny); (2) a firewall to filter traffic; (3) a demilitarized zone (a LAN segment), which serves as a buffer zone for inbound and outbound traffic; (4) an intrusion detection system, which examines traffic to identify attacks and malicious intent and triggers an alarm once it detects a threat; (5) a proxy server, which serves as a middleman where data is analyzed and screened before it is relayed to the IT infrastructure; (6) a web content filter, which filters domain names and prevents unauthorized traffic from entering the IT infrastructure; (7) an email content filter, which holds the content of all emails until it has been screened for viruses, then lets clean emails pass to users.
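The LAN domain section above calls for segmentation and egress filtering limited to ports 80/443, and this section calls for router access control lists that permit or deny traffic. The following is an added worked example, not code from the article or from any vendor, of how such an ACL is evaluated: rules are tried top-down with first-match semantics and an implicit deny at the end, exactly the behaviour that makes rule order matter. The address plan (employee LAN, guest LAN, internal resolver) and the sample packets are constructed for the example using documentation address ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str     # source IPv4 address
    dst: str     # destination IPv4 address
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # destination port; None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (
            self.proto in ("any", pkt.proto)
            and ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and (self.dport is None or self.dport == pkt.dport)
        )


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """Apply the ACL top-down with first-match semantics.

    Anything that reaches the end without matching is dropped: the implicit
    deny that routers and firewalls append to every list.
    """
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed address plan for the example (not from the article).
EMPLOYEE_LAN = "10.10.0.0/16"     # staff workstations
GUEST_LAN = "192.168.50.0/24"     # visitor Wi-Fi segment
INTERNAL_NETS = "10.0.0.0/8"      # everything guests must never reach
INTERNAL_DNS = "10.10.0.53/32"    # the only resolver staff may use
ANY = "0.0.0.0/0"

# Egress ACL on the LAN-to-WAN router. Order matters: the guest deny rule sits
# above the guest permit, so a guest reaching an internal host on 443 is still
# blocked; staff get web (80/443) and internal DNS only.
EGRESS_ACL: List[Rule] = [
    Rule("deny",   "any", GUEST_LAN,    INTERNAL_NETS, None),  # segmentation
    Rule("permit", "tcp", GUEST_LAN,    ANY,           443),
    Rule("permit", "udp", EMPLOYEE_LAN, INTERNAL_DNS,  53),
    Rule("permit", "tcp", EMPLOYEE_LAN, ANY,           80),
    Rule("permit", "tcp", EMPLOYEE_LAN, ANY,           443),
    # no final rule: the implicit deny covers every other port and protocol
]


def audit(acl: List[Rule], packets: List[Packet]) -> List[Tuple[Packet, str]]:
    """Run a batch of packets through the ACL and return each decision."""
    return [(pkt, evaluate(acl, pkt)) for pkt in packets]


if __name__ == "__main__":
    samples = [
        Packet("tcp", "10.10.4.7", "203.0.113.10", 443),      # staff browsing: permit
        Packet("tcp", "10.10.4.7", "203.0.113.10", 6667),     # non-web port (botnet-style channel): deny
        Packet("udp", "10.10.4.7", "203.0.113.53", 53),       # DNS to an outside resolver: deny
        Packet("tcp", "192.168.50.20", "10.10.0.5", 443),     # guest to internal host: deny
        Packet("tcp", "192.168.50.20", "203.0.113.10", 443),  # guest browsing: permit
    ]
    for pkt, decision in audit(EGRESS_ACL, samples):
        print(f"{decision:6} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}")
```

Swapping the first two rules would silently open the internal network to guests on port 443, which is why ACL changes are best reviewed by replaying a fixed set of sample packets like the ones above before and after the change.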

5. WAN domain

The WAN domain is the wide-area network in which all external entities, including other businesses, websites, and external users, exist. Over the WAN, end users communicate with the LAN using virtual private networking (VPN), FTP, or Secure Shell (SSH). In this domain, protecting the LAN-to-WAN boundary mitigates the risks that come from the WAN. Using firewalls, as mentioned above, and conducting regular penetration tests are very important to ensure that the domain is secure.

6. Remote access domain

The remote access domain is where employees gain access to an organization’s IT infrastructure remotely (e.g., from home). Remote access poses risks to an organization’s IT. A virtual private network (VPN) is used to provide a secure remote access connection across the Internet. A VPN uses encryption and authentication to ensure the confidentiality, integrity, and privacy of communications through the network; it creates an encrypted communication tunnel over a public network such as the Internet. It is important that users are authenticated through 2FA (Two-Factor Authentication) before accessing the network. Robust procedures need to be created for remote access, such as conducting regular audits, monitoring login attempts, and using strict firewall ACLs.
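"Monitoring login attempts" is easy to state and easy to do badly, so here is an added example of the detection logic, written for this page rather than taken from the article or any VPN product: it keeps a sliding window of failed logins per source address, raises one alert when a source crosses a failure threshold inside the window, and raises a second, higher-priority alert if a login from that source then succeeds, which is the moment a guessed password (or a missing 2FA step) shows up. The gateway log format, the threshold, the window length and the log lines themselves are constructed assumptions; real gateways each have their own format and the regex would be adapted to it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple

# Assumed log format for the VPN gateway (constructed for this example).
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<host>\S+) auth: "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)

Alert = Tuple[str, str, str, str]  # (kind, source address, user, timestamp)


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect(lines: List[str], threshold: int = 5,
           window: timedelta = timedelta(minutes=10)) -> List[Alert]:
    """Flag sources with `threshold` or more failed logins inside `window`, and
    flag a success from such a source as a separate, higher-priority alert."""
    failures: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    flagged = set()                      # sources already alerted on, to avoid repeats
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                     # malformed lines are skipped, not fatal
        q = failures[ev["src"]]
        while q and ev["ts"] - q[0][0] > window:   # expire failures outside the window
            q.popleft()
        if ev["result"] == "FAIL":
            q.append((ev["ts"], ev["user"]))
            if len(q) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append(("password_guessing", ev["src"], ev["user"], ev["ts"].isoformat()))
        elif len(q) >= threshold:        # a success right after a burst of failures
            alerts.append(("success_after_guessing", ev["src"], ev["user"], ev["ts"].isoformat()))
            q.clear()
            flagged.discard(ev["src"])
    return alerts


# Constructed sample log: one normal login, a burst of failures for "bob" from one
# outside address that then succeeds, two harmless events for "carol", and one
# malformed line.
SAMPLE_LOG = [
    "2024-07-19T08:00:00Z vpn-gw01 auth: user=alice src=203.0.113.40 result=OK",
    "2024-07-19T08:01:00Z vpn-gw01 auth: user=bob src=198.51.100.23 result=FAIL",
    "2024-07-19T08:01:01Z vpn-gw01 auth: user=bob src=198.51.100.23 result=FAIL",
    "2024-07-19T08:01:02Z vpn-gw01 auth: user=bob src=198.51.100.23 result=FAIL",
    "2024-07-19T08:01:03Z vpn-gw01 auth: user=bob src=198.51.100.23 result=FAIL",
    "2024-07-19T08:01:04Z vpn-gw01 auth: user=bob src=198.51.100.23 result=FAIL",
    "2024-07-19T08:01:10Z vpn-gw01 auth: user=bob src=198.51.100.23 result=OK",
    "2024-07-19T08:30:00Z vpn-gw01 auth: user=carol src=203.0.113.9 result=FAIL",
    "2024-07-19T08:30:20Z vpn-gw01 auth: user=carol src=203.0.113.9 result=OK",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for kind, src, user, ts in detect(SAMPLE_LOG):
        print(f"{ts} {kind:24} src={src} user={user}")
```

Keying the window on the source address rather than the username is deliberate: it catches both repeated guesses against one account and "spraying" of one password across many accounts from the same address, while the occasional mistyped password from a legitimate user (carol above) stays below the threshold.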

7. System and application domain

The system and application domain includes all systems and software applications that users access, such as application servers, web servers, proprietary software, and applications. Database servers host data that is accessed by users, applications, or other servers; therefore, a data loss prevention system is very important for monitoring when and where copies of such files are written, and by whom or by what process. It is important to maintain these systems and software by patching them regularly and installing anti-malware/antivirus software to stop infections downloaded through email or from a compromised website. Finally, user training and awareness are essential to ensure that users recognize phishing and social engineering schemes, to prevent hackers from penetrating the network through them.

Securing these seven domains is the starting point for addressing cyberthreats in any company. Regular risk assessments should be conducted to identify the risks and threats faced by the company, and effective security measures should be taken to reduce, neutralize, and eliminate the identified threats. Establishing an IT security program that encompasses administrative, physical, and technical measures and controls is crucial to ensure that the company’s IT infrastructure is protected. The company’s employees should receive regular awareness and training sessions to educate them about security threats, including social engineering attacks. Finally, auditing and penetration testing need to be conducted regularly to identify problems proactively and address them.