Community of interest (computer security)

A Community of Interest (COI) is a means by which network assets and/or network users are segregated by some technological means for some established purpose. COIs are a strategy that falls under the realm of computer security, which itself is a subset of security engineering. Typically COIs are set up to protect a network infrastructure from a group or groups of users who are performing some specialised functions. COIs are also designed to protect their own user community from the rest of the enclave's user population.

Definition

A COI can be defined as a logical or physical grouping of network devices or users with access to information that should not be made available to the general user population on a LAN or WAN infrastructure. A COI can be utilized to provide multiple levels of protection for a LAN or WAN infrastructure from the activities within the COI. A COI can consist of a logical perimeter around the community (or enclave), and it can allow for separate security management and operational direction. COIs generally do not dictate separate internal security policies (e.g., password policies) because those fall under the jurisdiction and management of the LAN or WAN owners. However, a COI can, and often does, operate under a more relaxed subset of the overall network security policy. For the purposes of this article the terms "segregation mechanism" and "security mechanism" are interchangeable: the COI segregates in order to achieve security.

COI Types and Mechanisms

Segregation Mechanism | Cost | Description

MS Active Directory | Low | Provides logical separation in the form of group formations utilizing MS Active Directory controls.

VLAN | Medium | Provides logical separation and network layer 2 separation (see the OSI model for more information). Virtual Local Area Networks are usually constructed on the network switches which connect devices together.

Router | High | Provides physical device separation, while maintaining a desired level of communication with the rest of the LAN or WAN infrastructure.

Firewall | High | Provides physical device separation much like the router separation, but adds the security benefits of firewall components such as ACLs, proxies and SPI (stateful packet inspection).

VPN | High | Provides physical device separation and support for multiple sites which have no direct communication with the LAN or WAN infrastructure. A VPN device adds the ability to encrypt all data from the COI to other sites, thus providing another layer of protection.

Complete Physical Separation | Very High | Provides the highest level of separation through complete physical separation of COIs. Very high cost because existing network resources cannot be leveraged.

Security Mechanisms

COI security requirements can range in sophistication from simple network file shares to an interconnection of physically separate sites that are connected via dedicated communication circuits. COI security mechanisms and their respective basic characteristics are identified in the table above. These security mechanisms may be utilized individually or in combination to provide the requisite security for each COI. A COI architecture can overlay the existing LAN or WAN architecture in order to maximize the use of existing resources and to provide the required COI separation in the most efficient manner.

COIs that require additional dedicated physical resources (e.g., dedicated router, VPN and firewall devices) are usually more complex in nature and more expensive to operate because of the added network devices and the personnel needed to operate and manage them. They also add the benefit of more security through the defense in depth approach. A COI does not necessarily imply a physical separation of the infrastructure, but it can include one.

COI Construction

A standard approach to COI segregation is the use of group policies, if the LAN or WAN infrastructure runs the Microsoft Windows operating system with the Active Directory service. Additional dedicated COI boundary security components such as a router, VPN, firewall, and IDS can be provided depending upon the requirements of a COI. COIs can be designed and deployed by employing the security mechanisms that are listed in the table above. Typically each individual COI has unique characteristics and requirements, but the security mechanisms listed above are the basic building blocks in the construction of all COIs.
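The table of mechanisms and the construction notes above describe a COI as a VLAN or subnet placed behind a router/firewall boundary whose ACL decides what the rest of the LAN may reach. The following is an added example, not code from the original article: it models such a boundary as an ordered, first-match, default-deny ACL and audits it against the separation requirements a COI is meant to provide (general users kept out of the COI's resources, COI members still able to reach the shared Active Directory that the LAN owners manage). All addresses, VLAN assignments, ports and rules are constructed sample data, and the `Rule`, `evaluate` and `audit` names are this example's own.

```python
"""Audit a firewall ACL against the separation a COI boundary must enforce.

Added example (not part of the original article). Models a LAN where a COI
sits on its own VLAN/subnet behind a firewall, and checks whether an ordered,
first-match ACL actually delivers the intended segregation.
All addresses, VLAN ids, ports and rules are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # destination port; None means any port


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, dport: int) -> str:
    """Return the action of the first rule matching the flow.

    Nothing matches -> "deny": the boundary grants no implicit trust,
    which is what a COI boundary device is expected to do.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and (rule.dport is None or rule.dport == dport)):
            return rule.action
    return "deny"


# Constructed network layout: general user VLAN and a COI on its own VLAN.
GENERAL_LAN = "10.0.0.0/16"        # VLAN 10: general user population
COI_VLAN = "10.1.0.0/24"           # VLAN 200: COI members and their file share
COI_SHARE = "10.1.0.10"            # file share that only the COI may reach
DOMAIN_CONTROLLER = "10.0.0.5"     # AD/LDAP managed by the LAN owners

# A correctly ordered boundary ACL: specific COI rules first, then the block
# of general users into the COI, then ordinary intra-LAN traffic.
ACL = [
    Rule("allow", COI_VLAN, DOMAIN_CONTROLLER, 389),  # COI still uses the LAN's AD
    Rule("allow", COI_VLAN, COI_VLAN, None),          # COI-internal traffic
    Rule("deny", GENERAL_LAN, COI_VLAN, None),        # keep the enclave out of the COI
    Rule("allow", GENERAL_LAN, GENERAL_LAN, None),    # normal LAN traffic
]

# The same rules with a broad "anything inside 10/8" allow placed first:
# a common mistake that silently dissolves the boundary.
ACL_MISORDERED = [Rule("allow", "10.0.0.0/8", "10.0.0.0/8", None)] + ACL

# Separation requirements: (description, src, dst, port, expected action).
Requirement = Tuple[str, str, str, int, str]
REQUIREMENTS: List[Requirement] = [
    ("general user must not reach COI share", "10.0.5.20", COI_SHARE, 445, "deny"),
    ("COI member reaches COI share", "10.1.0.33", COI_SHARE, 445, "allow"),
    ("COI member authenticates to the LAN's AD", "10.1.0.33", DOMAIN_CONTROLLER, 389, "allow"),
    ("general user still reaches general services", "10.0.5.20", "10.0.0.80", 80, "allow"),
]


def audit(rules: List[Rule], requirements: List[Requirement]) -> List[str]:
    """Return the descriptions of requirements the ACL fails to enforce."""
    return [desc for desc, s, d, p, want in requirements
            if evaluate(rules, s, d, p) != want]


if __name__ == "__main__":
    for name, rules in (("ordered ACL", ACL), ("misordered ACL", ACL_MISORDERED)):
        failures = audit(rules, REQUIREMENTS)
        print(f"{name}: {'OK' if not failures else 'FAILS ' + ', '.join(failures)}")
```

The point of the check is that a COI boundary is only as good as the rule order on the device enforcing it: `ACL` satisfies every requirement, while `ACL_MISORDERED` passes the three "allow" requirements and fails the one that defines the COI, so a review that only confirms connectivity would never notice the gap. The same requirement list can be re-run whenever the ACL, the VLAN layout or the COI's membership changes.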

Wikimedia Foundation. 2010.
