Layered Security Model and IT Infrastructure Best Practices

10LayerModelSecurity,10Security policies and mandates.9,Oversight of end-to-end processes to ensure compliance with enterprise security policies. Audit trails for the threads.8Security roles and responsibilities. Standard security practices as they relate to activities and exchanges. Security Architecture. Personnel security requirements. 3.10. Management7Application service security (e.g., integrity of the service and application code) and content security (e.g., security labels). Security of user access to IT. Privilege management. 6Framework service security (e.g., integrity of the service and application code of the framework). Content security labeling service and label checking service. Software-based content encryption/decryption services for data at rest.5Security services for the IT are exposed at this layer to include, Authorization and Authentication services, PKI services, boundary protection, identity management, file encryption, transactional data in transit protection (e.g., SMIME), Stateful firewalls and cross- domain application gateways, and access enforcement (RBAC, PBAC, RAdAC, etc.). As with the other software layers, there is a need for middleware service security (e.g., integrity of the service and application code of the middleware).4Security of the platforms (e.g., Trusted computer base, high assurance platforms) and Operating systems (e.g., SE Linux, virus protection, IAVA patches). TCP/IP application (OSI Layer 7) security protocols such as SSL. Security domain separation (MLS, MILS, etc.), software certificates for operating systems, hardware or physical token for login, Host-based protection (HIDS), virus protection and malicious code services, hardware-based data at rest protection. 3Cross-domain packet filtering, communications security and transmission security, network security services (e.g., IPSEC), network access control, WAN protection services, routing security, Network Intrusion Detection Systems (NIDS), and Key Management Infrastructure services distributing keys to cryptographic devices.2Protected wire distribution system. 1Physical plant security such as fences, guard services, perimeter monitoring services, door locks, etc. TEMPEST considerations for facilities. Hardware token for facility access. Access controls: authentication and authorization Authentication[(biometrics -authentication method that examines a person’s innate physical characteristics. Common biometric applications are fingerprint scans, palm scans, retina scans, iris recognition, and facial recognition)(Passwords-mutli factor authentication, single factor authentication, passphrase)]Authorization[Privilege - is a collection of related computer system operations that a user is authorized to perform. Companies typically base authorization policies on the principle of least privilege - which posits that users be granted the privilege for an activity only if there is a justifiable need for them to perform that activity]Physical: Common physical controls include walls, doors, fencing, gates, locks, badges, guards, and alarm systems. More sophisticated physical controls include pressure sensors, temperature sensors, and motion detectors.  also implement physical security measures that limit computer users to acceptable login times and locations.middleware-connects multiple applicationsProtocols are a common set of rules or procedures that help computing devices communicate(two major protocols are:the ethernet and transmission control protocol/internet protocol(TCP/IP)).OpCon(operating concept)a description, usually graphical, showing the major, interactive participants/ players/systems and subsystems and their interrelationships.12 Elements of Support