IT1914

Typical Domains of IT Infrastructure

User, LAN, and WAN Domain
In the context of networking, domain refers to any group of users, workstations, devices, printers, computers, and
database servers that share different types of data via network resources. There are also many types of subdomains.

A domain has a domain controller that governs all basic domain functions and manages network security. Thus, a domain
is used to manage all user functions, including username, password, and shared system resource authentication and
access. It is also used to assign specific resource privileges, such as user accounts.

In a simple network domain, many computers and workgroups are directly connected. A domain comprises combined
systems, servers, and workgroups. Multiple server types may exist in one (1) domain such as Web, database, and print
that depend on network requirement.

DOMAIN RISKS
User Domain – This covers all the users that • User can destroy data in the application (intentionally or
have access to the other domains. not) and delete all.
• User can use the password to delete his/her file.
• User can insert infected CD or flash drive into the computer.
Workstation Domain – It is a computer of an • The workstation’s operating system can have a known
individual user where the production takes software vulnerability that allows a hacker to connect
place. remotely and steal data.
• A workstation’s browser can have a software vulnerability,
which allows unsigned scripts to install malicious software
silently.
• A workstation’s hard drive can fail to cause loss of data.
LAN Domain – This contains all of the • A work can spread through the LAN and infect all computers
workstation, hubs, switches, and routers. This is in it.
also a trusted zone. • LAN server OS can have a known software vulnerability.
• An unauthorized user can access the organization’s
workstations in a LAN.
WAN Domain – It consists of the Internet and • The service provider can have a major network outage.
semi-private lines. • Server can receive a Denial of Service (DOS) or Distributed
Denial of Service (DDOS) attack.
• A file transfer protocol (FTP) can allow anonymously
uploaded illegal software.
LAN/WAN Domain – It is the boundary • A hacker can penetrate an IT infrastructure and gain access
between the trusted and untrusted zones. The to the internal network.
zones are filtered with a firewall. • A firewall with unnecessary ports open can allow access
from the Internet.
System/Application Storage Domain – This • A fire can destroy primary data.
domain is made up of user-accessed servers • A DOS attack can cripple the organization’s e-mail.
such as e-mail and database. • A database server can be attacked by SQL injection,
corrupting the data.
Remote Access Domain – This is the domain in • Communication circuit outage can deny connection.
which a mobile user can access the local • Remote communication from the office can be unsecured.
network usually through a VPN.
Table 1. The typical domains of IT Infrastructure.

03 Handout 1 *Property of STI

 [email protected] Page 1 of 6
 IT1914

Local Users and Domain Users in Windows

In Windows, a local user is one whose username and encrypted password are stored in the computer itself. When logging
in as a local user, the computer checks its own passwords file to see if the user is allowed to log into the computer. The
computer itself then applies all the permissions and restrictions that are assigned to the user for that computer.
Domain users are those whose username and password are stored on a domain controller rather than the computer and
the user is logging into. When logging in as a domain user, the computer asks the domain controller with privileges are
assigned to the user.
Domain users evolved in response to the challenges administrators face when managing large numbers of computers,
peripherals, services, and users.

LAN Domain
The Local Area Network (LAN) domain is defined as a sub-network that is made up of servers and clients—each of which
is controlled by a centralized database. User approval is obtained through a central server or a domain controller. The
term “domain” can refer to descriptors for Internet sites, which is a site’s Web address, or to LAN subnetworks.

WAN Domain
The Wide Area Network (WAN) is a communications network that spans a large geographic area such as cities, states, or
countries. It can be private to connect parts of a business, or it can be more public to connect smaller networks.

Remote Access Domain

Remote access domain enables remote users to access files and other system resources on any devices or servers that
are connected to the network at any time, increasing employee productivity and enabling them to better collaborate
with colleagues around the world. A remote access strategy also gives organizations the flexibility to hire the best talent
regardless of location, remove silos, and promote collaboration between teams, offices, and locations. Technical support
professionals also use remote access to connect to users’ computers from remote locations to help them resolve issues
with their systems or software.

One common method of providing remote access is via a remote access virtual private network (VPN) connection. A VPN
creates a safe and encrypted connection over a less secure network, such as the Internet. The VPN technology was
developed as a way to enable remote users and branch offices to log into corporate applications and other resources
securely.

METHOD PROS CONS

IP security VPN (IPsec VPN) is a • When a firewall is purchased, • A software client needs to be
common remote access it typically includes plenty of installed and configured on a
technology in use today is the licenses for IPsec VPN user’s computer before the
IPsec VPN. A piece of software connections. connection can be established.
called “VPN client” is installed in This can create difficulties for
• There is low processing
the end user’s computer and is the user and IT personnel if a
overhead for the firewall and
configured with details about the worker needs the client
many IPsec VPN connections
target network, such as the installed and configured when
can be active at the same
gateway IP address and a pre- they are not in the office.
time.
shared security key.
• It is an established
technology that many people
are familiar with.

03 Handout 1 *Property of STI

 [email protected] Page 2 of 6
 IT1914

METHOD PROS CONS

Secure Socket Layer VPN (SSL • End users can install the VPN • There is more configuration
VPN) is a common encryption client from a public portal. required on the firewall when
technology that is widely used to setting up the client network
• The IT department does not
provide secure communication on to be published.
need to touch each machine
the Internet. When setting up an
that needs remote access. • It requires more processing
SSL VPN, the network
overhead for the firewall
administrator publishes the VPN • Network administrators can
compared to IPsec VPN. Some
client to the firewall, providing it set up granular security
firewalls may not be able to
for download via the firewall’s policies for specific resources
handle as many SSL VPN client
public connection. on a corporate network even
connections as IPsec VPN
down to a single Web-based
licenses. Thus, SSL VPN
application.
licenses are usually sold as an
• Software clients are available add-on to the hardware.
for mobile devices, such as
iPhones and iPads. This
allows workers to view items
like a corporate intranet
without powering up their
laptop.
Microsoft DirectAccess is a • It is a seamless technology • Elaborate changes are
relatively new player to the that could change the way required on the corporate
remote access arena that was not users work remotely. network.
developed by a firewall
• This was designed with IPv6 as
manufacturer, but rather by
the primary addressing
Microsoft. DirectAccess creates
scheme and IPv4 secondarily.
an “always on” secure connection
at the operating system level. • Additional pieces of software
Users do not need to install any are required on the LAN so
software or launch any programs. that remote users can access
IPv4 addresses.
Table 2. Three (3) types of remote access methods and their pros and cons.

System/Application Domain
System/Application Domain
This consists of all of a business’ mission-critical systems, applications, and data. It is important to ensure that this domain
is secure at all times. Otherwise, a business could easily lose large amounts of sensitive information as well as face the
threat of having productivity come to a halt. The common targeted systems and applications are operating systems
(desktop, server, and network), e-mail applications and servers, enterprise resource planning (ERP) applications and
systems, and Web browsers. System/Application attacks are generalized into three (3) categories: denial or destruction,
alteration, and disclosure.

Unauthorized Physical Access

This can be defined as “gaining access to a physical entity or area without permission from an administrative figure.” It is
considered a threat because if an individual with malicious intentions were to attain unauthorized physical access to an
area containing sensitive systems, people could steal, alter, or destroy the systems and the data found on those systems.
This threat is especially dangerous when the targets are sensitive areas such as computer rooms, data centers, or wiring

03 Handout 1 *Property of STI

 [email protected] Page 3 of 6
 IT1914

closets because they contain a vast amount of sensitive information. However, it is also important to keep in mind that
physical entities such as important documents can be targets to this threat.

Unauthorized Logical Access

This is nearly identical to unauthorized physical access, except it is not limited to tangible data. It can be considered even
more dangerous than unauthorized physical access because it can be carried out by a staff member as well as an
experienced attacker. An attacker who gains access to a business’ system could destroy, alter, and disclose any
information that they find. This could result in a denial of service (DOS) attack on an important system required for the
business to continue running.

Software Vulnerabilities
This is a flaw that exists in the programming of a software component or system that allows a malicious attacker to gain
unauthorized access to that system through an exploit. These vulnerabilities can be exploited through malicious software
known as “malware” that is accidentally executed on the system by a user or more directly exploited by an attacker.
Weaknesses in software that lead to vulnerabilities can occur in any software that is running on a system, including the
operating system itself. Many common applications, such as Adobe Flash or Internet Explorer, may contain software
vulnerabilities. Even custom built in-house software is not immune to software vulnerabilities.

Server Vulnerabilities
Server software vulnerabilities are similar to software vulnerabilities on non-server systems with the exception that
software vulnerabilities that can exist on servers have the potential to be even more damaging. This can exist in the
software that the server uses to provide services (FTP, SSH, and PHP) or in the operating system of the server itself.

Data Loss
Data includes any information stored digitally on a computing system or network. It can be in the form of an e-mail, a
document or spreadsheet, images, database records, or other formats.

Data loss occurs when any stored data is destroyed. Loss can occur during storage, transmission, or processing. These
losses are considered the greatest risk to the system/application domain because the goal of these systems is to allow
users to create, store, retrieved, and manipulate data.

The most common preventative measure is to perform backups of all data. Complete system images are stored in case a
computer needs to be formatted and brought back to a known good state. Daily backups to an off-site or physically
separated storage medium will allow nearly full data recovery in the event of data loss.

Reducing Risk
In summary, the following suggestions should be taken into consideration to reduce risks associated with the
system/application domain:
• Physically secure areas containing sensitive systems.
• Implement encryption and data handling standards.
• Minimize data access.
• Back up data.
• Be aware of all applications on the network.
• Plan, configure, maintain, and improve network servers.
• Develop and implement standards.
• Read and understand the provided Acceptable Use Policy.
• Report suspected IT policy violations to the supervisor.

03 Handout 1 *Property of STI

 [email protected] Page 4 of 6
 IT1914

Ethics and the Internet

Cyber ethics refers to the code of responsible behavior on the Internet. The basic rule is “Do not do something in
cyberspace that you would consider wrong or illegal in everyday life.”
Considerations when determining responsible behavior
• Do not use rude or offensive language.
• Do not cyberbully.
• Do not plagiarize.
• Do not break into someone else’s computer.
• Do not use someone else’s password.
• Do not attempt to infect or in any way try to make someone else’s computer unusable.
• Adhere to copyright restrictions when downloading material from the Internet, including software, games,
movies, or music.

The Ethics Manifesto by Gerd Leonhard offers a framework for what he calls a global “ethics in technology” manifesto.
He says it is important, in creating this model, to focus on human rights in an era when machines will be taking on more
human-like characteristics.
Leonhard’s proposed manifesto focuses on five (5) specific human rights that he believes could be endangered if people
don’t have an ethical framework to guide them.

Specific Human Rights Description

The right to remain natural We can be employed, use public services, buy things, and function in society
without a requirement to deploy the technology on or inside our bodies.
The right to be inefficient if and We must be able to choose to be slower than technology and not make
where it defines our basic efficiency more important than humanity.
humanities
The right to disconnect We must retain the right to switch off connectivity, go dark on the network,
and pause communication, tracking, and monitoring.
The right to be anonymous We must retain the option of not being identified and tracked, such as when
using a digital application or platform when it doesn’t pose a risk or impose
itself on others.
The right to employ or involve We should not allow companies or employers to be disadvantaged if they
people instead of machines choose to use people instead of machines even if it’s more expensive and less
efficient.
Table 3. The Ethics Manifesto.

The Code of Ethics for Information Security Professional is derived from the Unified Framework for Information Security
Professionals, which emphasizes these three (3) core ethic values:

Values Descriptions
Integrity • Perform duties under existing laws and exercise the highest moral
principles.
• Refrain from activities that would constitute a conflict of interest.
• Act in the best interests of stakeholders consistent with the public
interest.
• Act honorably, justly, responsibly, and legally in every aspect of your
profession.
Objectivity • Perform all duties in a fair manner and without prejudice.

03 Handout 1 *Property of STI

 [email protected] Page 5 of 6
 IT1914

• Exercise independent professional judgment to provide unbiased

analysis and advice.
• When an opinion is provided, note it as opinion rather than fact.
Professional Competence and • Perform services diligently and professionally.
Due Care • Act with diligence and promptness in rendering service.
• Render only those services which you are fully competent and qualified.
• Ensure that the work performed meets the highest professional
standards.
• Be supportive of colleagues and encourage their professional
development.
• Keep stakeholders informed regarding the progress of your work.
• Refrain from conduct which would damage the reputation of the
profession, or the practice of colleague, clients, and employers.
• Report ethical violations to the appropriate governing body promptly.
Table 4. Three (3) Core Ethic Values.

_________________________________________________________________________________________________
References:
CyberSecurity Malaysia. (2010). Code of Ethics [PDF]. Retrieved from http://www.cybersecurity.my/data/content_files/11/764.pdf on May 2, 2019
Domain. (n.d.). In Techopedia. Retrieved from https://www.techopedia.com/definition/1326/domain-networking on May 1, 2019
Durkin, N. (n.d.). Pros and cons: 3 types of remote access methods [Web log post]. Retrieved from https://www.wearediagram.com/blog/pros-and-
cons-3-types-of-remote-access-methods on May 1, 2019
Eckel, E. (2006, July 19). The importance of a remote access policy. In TechRepublic. Retrieved from https://www.techrepublic.com/article/the-
importance-of-a-remote-access-policy/ on May 2, 2019
Know the rules of cyber ethics. (n.d.). In Center for Internet Security. Retrieved from https://www.cisecurity.org/daily-tip/know-the-rules-of-cyber-
ethics/ on May 2, 2019
Kostopoulus, G.K. (2018). Cyberspace and Cybersecurity (2nd ed.). Boca Raton, FL: Taylor and Francis Group
Local users and domain users in Windows. (n.d.). In Indiana University. Retrieved from https://kb.iu.edu/d/anbn on May 1, 2019
Mitchell, B. (2019). What is a wide area network (WAN)? [Web log post]. Retrieved from https://www.lifewire.com/wide-area-network-816383 on
May 1, 2019
Perlman, A. (2018). Man vs. Machine: The new ethics of cybersecurity. Retrieved from https://www.securityroundtable.org/new-ethics-of-
cybersecurity/ on May 2, 2019
Poczynek, N., Truong, J., When, A. (2013, April 4). System/Application domain. Retrieved from http://www.personal.utulsa.edu/~james-
childress/cs5493/Projects2013/Silver/SystemApplicationDomainTrainingDocument.pdf on May 2, 2019
The seven domain of a typical IT infrastructure. (n.d.). In BINUS University School of Information Systems. Retrieved from
https://sis.binus.ac.id/2018/01/15/the-seven-domain-of-a-typical-it-infrastructure/ on May 1, 2019
What is a LAN domain? (n.d.). In Reference.com. Retrieved from https://www.reference.com/technology/lan-domain-2489f5ad15657539 on May 1,
2019
Why domain names are so important. (n.d). In AllBusiness. Retrieved from https://www.allbusiness.com/why-domain-names-are-so-important-681-
1.html on May 2, 2019

03 Handout 1 *Property of STI

 [email protected] Page 6 of 6