
IT1914

Typical Domains of IT Infrastructure


User, LAN, and WAN Domain
In the context of networking, a domain refers to any group of users, workstations, devices, printers, computers, and
database servers that share different types of data via network resources. There are also many types of subdomains.

A domain has a domain controller that governs all basic domain functions and manages network security. Thus, a domain
is used to manage all user functions, including username, password, and shared system resource authentication and
access. It is also used to assign specific resource privileges, such as user accounts.

In a simple network domain, many computers and workgroups are directly connected. A domain comprises combined
systems, servers, and workgroups. Multiple server types, such as Web, database, and print, may exist in one (1) domain,
depending on network requirements.

User Domain – This covers all the users that have access to the other domains.
Risks:
• User can destroy data in the application (intentionally or not) and delete all.
• User can use the password to delete his/her file.
• User can insert infected CD or flash drive into the computer.

Workstation Domain – It is a computer of an individual user where the production takes place.
Risks:
• The workstation’s operating system can have a known software vulnerability that allows a hacker to connect remotely and steal data.
• A workstation’s browser can have a software vulnerability, which allows unsigned scripts to install malicious software silently.
• A workstation’s hard drive can fail, causing loss of data.

LAN Domain – This contains all of the workstations, hubs, switches, and routers. This is also a trusted zone.
Risks:
• A worm can spread through the LAN and infect all computers in it.
• LAN server OS can have a known software vulnerability.
• An unauthorized user can access the organization’s workstations in a LAN.

WAN Domain – It consists of the Internet and semi-private lines.
Risks:
• The service provider can have a major network outage.
• Server can receive a Denial of Service (DOS) or Distributed Denial of Service (DDOS) attack.
• A file transfer protocol (FTP) can allow anonymously uploaded illegal software.

LAN/WAN Domain – It is the boundary between the trusted and untrusted zones. The zones are filtered with a firewall.
Risks:
• A hacker can penetrate an IT infrastructure and gain access to the internal network.
• A firewall with unnecessary ports open can allow access from the Internet.

System/Application Storage Domain – This domain is made up of user-accessed servers such as e-mail and database.
Risks:
• A fire can destroy primary data.
• A DOS attack can cripple the organization’s e-mail.
• A database server can be attacked by SQL injection, corrupting the data.

Remote Access Domain – This is the domain in which a mobile user can access the local network usually through a VPN.
Risks:
• Communication circuit outage can deny connection.
• Remote communication from the office can be unsecured.
Table 1. The typical domains of IT Infrastructure.

03 Handout 1 *Property of STI

 student.feedback@sti.edu Page 1 of 6

Local Users and Domain Users in Windows


In Windows, a local user is one whose username and encrypted password are stored in the computer itself. When logging
in as a local user, the computer checks its own passwords file to see if the user is allowed to log into the computer. The
computer itself then applies all the permissions and restrictions that are assigned to the user for that computer.
Domain users are those whose username and password are stored on a domain controller rather than the computer
the user is logging into. When logging in as a domain user, the computer asks the domain controller which privileges are
assigned to the user.
Domain users evolved in response to the challenges administrators face when managing large numbers of computers,
peripherals, services, and users.
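
The local/domain distinction described above can be checked on a Windows machine. The following PowerShell is an added example, not part of the original handout; the function names Get-LogonScope and Get-EnabledLocalAccount are hypothetical, and it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets.

```powershell
# Added example: report whether the current session was authenticated
# locally or by a domain controller, then list enabled local accounts.
# Function names are illustrative, not from the handout.

function Get-LogonScope {
    # Win32_ComputerSystem.PartOfDomain is $true on a domain-joined machine.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # For a local logon, USERDOMAIN holds the computer name;
    # for a domain logon, it holds the domain's NetBIOS name.
    $isLocalLogon = ($env:USERDOMAIN -eq $env:COMPUTERNAME)

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        DomainJoined  = [bool]$cs.PartOfDomain
        Domain        = if ($cs.PartOfDomain) { $cs.Domain } else { $null }
        User          = "$env:USERDOMAIN\$env:USERNAME"
        AccountSource = if ($isLocalLogon) { 'Local account database' }
                        else { 'Domain controller' }
    }
}

function Get-EnabledLocalAccount {
    # Local accounts are checked against the computer's own password store,
    # so the domain controller's policies do not govern them.
    Get-LocalUser |
        Where-Object Enabled |
        Select-Object Name, LastLogon, PasswordLastSet, PasswordRequired
}

Get-LogonScope | Format-List
Get-EnabledLocalAccount | Format-Table -AutoSize
```

On a domain-joined workstation, any enabled local account in the second listing is one that can still log in without the domain controller being consulted, which makes that list a useful item to review.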

LAN Domain
The Local Area Network (LAN) domain is defined as a sub-network that is made up of servers and clients—each of which
is controlled by a centralized database. User approval is obtained through a central server or a domain controller. The
term “domain” can refer to descriptors for Internet sites, which is a site’s Web address, or to LAN subnetworks.

WAN Domain
The Wide Area Network (WAN) is a communications network that spans a large geographic area such as cities, states, or
countries. It can be private to connect parts of a business, or it can be more public to connect smaller networks.

Remote Access Domain


Remote access domain enables remote users to access files and other system resources on any devices or servers that
are connected to the network at any time, increasing employee productivity and enabling them to better collaborate
with colleagues around the world. A remote access strategy also gives organizations the flexibility to hire the best talent
regardless of location, remove silos, and promote collaboration between teams, offices, and locations. Technical support
professionals also use remote access to connect to users’ computers from remote locations to help them resolve issues
with their systems or software.

One common method of providing remote access is via a remote access virtual private network (VPN) connection. A VPN
creates a safe and encrypted connection over a less secure network, such as the Internet. The VPN technology was
developed as a way to enable remote users and branch offices to log into corporate applications and other resources
securely.

IPsec VPN
Method: IP security VPN (IPsec VPN) is a common remote access technology in use today. A piece of software called “VPN client” is installed in the end user’s computer and is configured with details about the target network, such as the gateway IP address and a pre-shared security key.
Pros:
• When a firewall is purchased, it typically includes plenty of licenses for IPsec VPN connections.
• There is low processing overhead for the firewall and many IPsec VPN connections can be active at the same time.
• It is an established technology that many people are familiar with.
Cons:
• A software client needs to be installed and configured on a user’s computer before the connection can be established. This can create difficulties for the user and IT personnel if a worker needs the client installed and configured when they are not in the office.

SSL VPN
Method: Secure Socket Layer VPN (SSL VPN) is a common encryption technology that is widely used to provide secure communication on the Internet. When setting up an SSL VPN, the network administrator publishes the VPN client to the firewall, providing it for download via the firewall’s public connection.
Pros:
• End users can install the VPN client from a public portal.
• The IT department does not need to touch each machine that needs remote access.
• Network administrators can set up granular security policies for specific resources on a corporate network even down to a single Web-based application.
• Software clients are available for mobile devices, such as iPhones and iPads. This allows workers to view items like a corporate intranet without powering up their laptop.
Cons:
• There is more configuration required on the firewall when setting up the client network to be published.
• It requires more processing overhead for the firewall compared to IPsec VPN. Some firewalls may not be able to handle as many SSL VPN client connections as IPsec VPN licenses. Thus, SSL VPN licenses are usually sold as an add-on to the hardware.

Microsoft DirectAccess
Method: Microsoft DirectAccess is a relatively new player to the remote access arena that was not developed by a firewall manufacturer, but rather by Microsoft. DirectAccess creates an “always on” secure connection at the operating system level. Users do not need to install any software or launch any programs.
Pros:
• It is a seamless technology that could change the way users work remotely.
Cons:
• Elaborate changes are required on the corporate network.
• This was designed with IPv6 as the primary addressing scheme and IPv4 secondarily.
• Additional pieces of software are required on the LAN so that remote users can access IPv4 addresses.
Table 2. Three (3) types of remote access methods and their pros and cons.

System/Application Domain
This consists of all of a business’ mission-critical systems, applications, and data. It is important to ensure that this domain
is secure at all times. Otherwise, a business could easily lose large amounts of sensitive information as well as face the
threat of having productivity come to a halt. The common targeted systems and applications are operating systems
(desktop, server, and network), e-mail applications and servers, enterprise resource planning (ERP) applications and
systems, and Web browsers. System/Application attacks are generalized into three (3) categories: denial or destruction,
alteration, and disclosure.

Unauthorized Physical Access


This can be defined as “gaining access to a physical entity or area without permission from an administrative figure.” It is
considered a threat because if an individual with malicious intentions were to attain unauthorized physical access to an
area containing sensitive systems, they could steal, alter, or destroy the systems and the data found on those systems.
This threat is especially dangerous when the targets are sensitive areas such as computer rooms, data centers, or wiring
closets because they contain a vast amount of sensitive information. However, it is also important to keep in mind that
physical entities such as important documents can be targets of this threat.

Unauthorized Logical Access


This is nearly identical to unauthorized physical access, except it is not limited to tangible data. It can be considered even
more dangerous than unauthorized physical access because it can be carried out by a staff member as well as an
experienced attacker. An attacker who gains access to a business’ system could destroy, alter, and disclose any
information that they find. This could result in a denial of service (DOS) attack on an important system required for the
business to continue running.

Software Vulnerabilities
This is a flaw that exists in the programming of a software component or system that allows a malicious attacker to gain
unauthorized access to that system through an exploit. These vulnerabilities can be exploited through malicious software
known as “malware” that is accidentally executed on the system by a user or more directly exploited by an attacker.
Weaknesses in software that lead to vulnerabilities can occur in any software that is running on a system, including the
operating system itself. Many common applications, such as Adobe Flash or Internet Explorer, may contain software
vulnerabilities. Even custom built in-house software is not immune to software vulnerabilities.

Server Vulnerabilities
Server software vulnerabilities are similar to software vulnerabilities on non-server systems, with the exception that
vulnerabilities on servers have the potential to be even more damaging. They can exist in the
software that the server uses to provide services (FTP, SSH, and PHP) or in the operating system of the server itself.

Data Loss
Data includes any information stored digitally on a computing system or network. It can be in the form of an e-mail, a
document or spreadsheet, images, database records, or other formats.

Data loss occurs when any stored data is destroyed. Loss can occur during storage, transmission, or processing. These
losses are considered the greatest risk to the system/application domain because the goal of these systems is to allow
users to create, store, retrieve, and manipulate data.

The most common preventative measure is to perform backups of all data. Complete system images are stored in case a
computer needs to be formatted and brought back to a known good state. Daily backups to an off-site or physically
separated storage medium will allow nearly full data recovery in the event of data loss.

Reducing Risk
In summary, the following suggestions should be taken into consideration to reduce risks associated with the
system/application domain:
• Physically secure areas containing sensitive systems.
• Implement encryption and data handling standards.
• Minimize data access.
• Back up data.
• Be aware of all applications on the network.
• Plan, configure, maintain, and improve network servers.
• Develop and implement standards.
• Read and understand the provided Acceptable Use Policy.
• Report suspected IT policy violations to the supervisor.


Ethics and the Internet


Cyber ethics refers to the code of responsible behavior on the Internet. The basic rule is “Do not do something in
cyberspace that you would consider wrong or illegal in everyday life.”
Considerations when determining responsible behavior
• Do not use rude or offensive language.
• Do not cyberbully.
• Do not plagiarize.
• Do not break into someone else’s computer.
• Do not use someone else’s password.
• Do not attempt to infect or in any way try to make someone else’s computer unusable.
• Adhere to copyright restrictions when downloading material from the Internet, including software, games,
movies, or music.

The Ethics Manifesto by Gerd Leonhard offers a framework for what he calls a global “ethics in technology” manifesto.
He says it is important, in creating this model, to focus on human rights in an era when machines will be taking on more
human-like characteristics.
Leonhard’s proposed manifesto focuses on five (5) specific human rights that he believes could be endangered if people
don’t have an ethical framework to guide them.

Specific human rights and their descriptions:

• The right to remain natural – We can be employed, use public services, buy things, and function in society without a requirement to deploy the technology on or inside our bodies.
• The right to be inefficient if and where it defines our basic humanities – We must be able to choose to be slower than technology and not make efficiency more important than humanity.
• The right to disconnect – We must retain the right to switch off connectivity, go dark on the network, and pause communication, tracking, and monitoring.
• The right to be anonymous – We must retain the option of not being identified and tracked, such as when using a digital application or platform when it doesn’t pose a risk or impose itself on others.
• The right to employ or involve people instead of machines – We should not allow companies or employers to be disadvantaged if they choose to use people instead of machines even if it’s more expensive and less efficient.
Table 3. The Ethics Manifesto.

The Code of Ethics for Information Security Professional is derived from the Unified Framework for Information Security
Professionals, which emphasizes these three (3) core ethic values:

Integrity
• Perform duties under existing laws and exercise the highest moral principles.
• Refrain from activities that would constitute a conflict of interest.
• Act in the best interests of stakeholders consistent with the public interest.
• Act honorably, justly, responsibly, and legally in every aspect of your profession.

Objectivity
• Perform all duties in a fair manner and without prejudice.
• Exercise independent professional judgment to provide unbiased analysis and advice.
• When an opinion is provided, note it as opinion rather than fact.

Professional Competence and Due Care
• Perform services diligently and professionally.
• Act with diligence and promptness in rendering service.
• Render only those services for which you are fully competent and qualified.
• Ensure that the work performed meets the highest professional standards.
• Be supportive of colleagues and encourage their professional development.
• Keep stakeholders informed regarding the progress of your work.
• Refrain from conduct which would damage the reputation of the profession, or the practice of colleagues, clients, and employers.
• Report ethical violations to the appropriate governing body promptly.
Table 4. Three (3) Core Ethic Values.
