
An IT Architecture for Emory University
Adopted by CIRT
Security Domain Architecture
February 20, 2002
ITA Version 1.9.8
© 2000 Emory University
Page 3-4
[Figure 3-3: three concentric zones of trust. Innermost: Emory Secure (Restricted: available to only those granted access). Middle: Emory Trusted (Proprietary & Confidential: available to Emory faculty, staff and students only), shown with "policy pockets". Outermost: Emory Untrusted (public information & resources: available to anyone, outside Emory).]
Figure 3-3. Zones of trust.
inner rings, but less hard if they are in the same ring. Thus those in the same ring need to have 
the same minimum level of trustworthiness. 
Number of zones. The diagram shows three zones, but the number of zones need not be exactly three. The use of multiple zones allows access between a less trusted and a more trusted zone to be controlled, protecting a resource from attack by the less trusted zone. If need be, any zone could be subdivided into "policy pockets" of common security policy, supporting additional classification categories without the infrastructure expense of establishing another zone. The picture illustrates this for a classification scheme with four categories by putting two categories (proprietary and confidential) in the same zone. Emory is likely to need multiple zones, as indicated in Section 9.3.1 page 9-3 below.
Establishing trust. Trust in a resource depends upon measures taken to detect and prevent
compromise of the resource and violations of security policy. To establish a minimum level of
trust, each zone except perhaps an “untrusted” zone requires that the devices in it be certified to
have a certain level of security determined by the security policies, procedures, and protections
that are in place to check for attacks, intrusions and security policy violations. Measures to
establish trust include fixing known problems, detecting intrusions, and periodically checking for
unauthorized changes, violations of policy, and vulnerabilities to attack. 
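The "Number of zones" and "Establishing trust" rules above, modelled as a small policy evaluator. This is an added illustration, not code from the Emory architecture; the zone ranks, audience labels and the placement of the four categories into pockets are assumptions chosen to match Figure 3-3.

```python
from dataclasses import dataclass

# Zones from Figure 3-3, ranked least to most trusted (ranks are a constructed convention).
ZONE_RANK = {"Emory Untrusted": 0, "Emory Trusted": 1, "Emory Secure": 2}

# Policy pockets: classification categories that share a zone, with the audience
# each pocket is available to (audience labels are constructed from the figure text).
POCKETS = {
    "public":       ("Emory Untrusted", "anyone"),
    "proprietary":  ("Emory Trusted",   "emory-members"),   # two categories,
    "confidential": ("Emory Trusted",   "emory-members"),   # one zone
    "restricted":   ("Emory Secure",    "granted-access"),
}

@dataclass(frozen=True)
class Device:
    name: str
    zone: str
    certified_level: int   # highest zone rank the device has been certified for

@dataclass(frozen=True)
class Requester:
    device: Device
    audiences: frozenset  # e.g. {"anyone", "emory-members"}

def may_join_zone(device: Device) -> bool:
    """A device belongs in a zone only if certified to that zone's minimum level;
    the untrusted zone imposes no certification requirement."""
    required = ZONE_RANK[device.zone]
    return required == 0 or device.certified_level >= required

def access_decision(req: Requester, category: str) -> str:
    """Return 'allow', 'control' (must pass the zone boundary control) or 'deny'."""
    zone, audience = POCKETS[category]
    if not may_join_zone(req.device):
        return "deny"           # an uncertified device has no standing in its zone
    if audience not in req.audiences:
        return "deny"           # pocket policy: requester is outside the audience
    src, dst = ZONE_RANK[req.device.zone], ZONE_RANK[zone]
    if src >= dst:
        return "allow"          # same ring, or reaching outward to a less trusted zone
    return "control"            # less trusted -> more trusted: boundary control applies
```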
3.2 Network Security
“Ethernet over barbed wire? Well, that’s one approach to network security.” 
-- Mark Vinsel
Focus on data networks. Network security is an application of the above general security
approach to networks for electronic communication. Of the three types of networks – voice,
video, and data – the focus of this document is security for data networks, because that is the
type of network to which most IT resources attach and through which they can be attacked.
Data networks need to be secured not only to protect their attached IT resources, but also to
protect the network itself, that is, to protect the ability to access the IT resources on the network,
and the ability for those IT resources to interact using the network.
3.2.1 Basic Network Security
Basic countermeasures. While controlling physical access to the network hardware is
necessary to secure the network, the greatest threat to the network and the
systems attached to it is an attack that occurs through the network itself. Unlike a physical