Seven Domains of a Typical Infrastructure to Identify Weaknesses
Seven domains of a Typical IT Infrastructure To Identify Weaknesses User Domain - Social engineering represents a big vulnerability. Workstation Domain - Computers that aren't patched can be exploited. If they don't have antivirus software they can become infected LAN Domain - Any data on the network that is not secured with appropriated access controls is vulnerable. Weak passwords can be cracked. Permissions that aren't assigned properly allow unauthorized access LAN-to-WAN Domain - If users are allowed to visit malicious Web sites, they can mistakenly download malicious software. Firewalls with unnecessary ports open allow access to the internal network from the internet. WAN Domain - Any public-facing server is susceptible to DoS and DDos attacks. A File Transfer Protocol (FTP) server that allows anonymous uploads can host Warez from black-hat hackers Remote Access Domain - Remote users may be infected with a virus but not know it. When they connect to the internal network via remote access, the virus can infect the network System/Application Domain - Database servers can be subject to SQL injection attacks. In a SQL injection attack, the attacker can read the entire database. SQL injection attacks can also modify data in the database.
Risk and trust levels of common network zones
Threat
Vulnerability
Impact
An Unauthorized employee tries to access data hosted on a server
The organization doesn't use authentication and access controls
The possible loss would depend on the sensitivity of the data and how it's used. For example, if the unauthorized employee accessed salary data and freely shared it, this could impact morale and productivity.
Any type of malicious software, such as viruses or worms, enters the network
Antivirus software doesn't detect the virus
The virus could be installed on systems. Viruses typically result in loss of confidentially, integrity, or availability
An attacker modifies or defaces a Web site