
What famous North American landmark is constantly moving backward?

How to Develop and Implement a Project?
Analysis

Design

Coding

Testing

Implement

So when we want to implement security, what should we consider?

Requirement gathering
Business Requirement
Making decision
Technical Requirement
Applying Decision
Design

Forest, Domain, OU

Active Directory

Security Business Requirement

When designing security for your network, you must ensure that you have gathered and understood the business requirements.
You must analyze the following business factors when you design your organization's security.

Security Business Requirement

Business model, Business process
Projected Growth, Management Strategy
Current security policy, Tolerance of risk
The laws and regulations that affect the organization
The organization's financial status
The employees

The Business Model

Organizations with branches around the world may have different security requirements than a company that has a single office.
You have to know the decision process: a centralized decision process will generally lead to a centralized security plan.

The Business Process

You need to know how the business process flows.
E.g.:

Manager
Developer
Operator

All of the above have different rights, so we have to know them and plan security policies for them accordingly.

The Projected Growth

Your security plan should be dynamic.
Don't deploy security with a short life span.
Be aware of the relationships between the organization and its partners.
The plan you deploy must be extensible to handle growth over the next few years.

The Management Strategy

Does the organization use a centralized or decentralized management strategy?
Always ask who manages resources.
In some cases the management strategy will be a mix of centralized and decentralized.
E.g.: IT industry

Main Administrator (Main Branch)
Local Administrator (Local Branch)

The Current Security Policy

Many organizations will have a predefined security policy.
Some organizations restrict the use of some protocols within the corporate network because of threats.

The Tolerance of Risk

Organizations can differ on what they consider risky.
Some organizations may consider a password of fewer than 10 characters risky; others may consider 6 characters to be sufficient.

Laws and Regulations That Affect the Organization

Every organization must abide by the laws and regulations of the jurisdiction where it performs business.
Know the laws and regulations that affect that organization.
E.g.: if you want to apply strong encryption, some countries, like the US, will not allow you to send data that is strongly encrypted.

Cont.

Some countries require management to take place within that country.
These rules are known as export rules.
More information is available at www.microsoft.com (search for "Exporting Microsoft product").

The Organization's Financial Status

You must determine the project cost.
Try to find alternative solutions that meet the business requirements.

The Employees' Skills

Security solutions might involve new technology that an organization's employees don't have expertise in.
You must identify these shortfalls.

Making the decision


Applying the decision

Design Security to Meet Technical Requirement

Identify the technical requirements that will affect your security design.
Technical requirements that can affect your security plans are:

Total size and distribution of resources
Performance consideration
Wide area network links
Wide area network usage
How data is accessed
Administrative structure
Current application base

Total Size and Distribution of Resources

Total number of computers and users.
This distribution helps you to define Active Directory sites, domains, and OUs based on the organization.

Performance Consideration

Implementing encryption in the network can increase cost.
The organization must define what is acceptable performance for common tasks.
E.g.: a query takes 2 seconds to return 100 results, so protect the query and the results while considering the performance level.

Wide Area Network Links

Your security plan must evaluate how remote offices are connected to the corporate office.
You must identify which technology connects the multiple offices, and which protocols as well.
Your security plan must determine what level of encryption is required on the WAN.
You must determine whether any third-party products, like Cisco routers, are used in between.

Wide Area Network Usage

One office is connected by a 512 Kbps link and another by a 128 Kbps link.
Don't fall into the trap of judging by available bandwidth.
Always calculate bandwidth usage before implementing security.

How Data Is Accessed

Your network security plan must identify how data is accessed.
This includes which applications, protocols, users, or computers access the data.
By identifying these components you can implement security.

Administrative Structure

Identify who runs the network and where administration takes place.
It will also help you to design an administration strategy for managing objects in AD.

Current Application Base

Windows 2000 introduces a stronger base security for computers.
It isn't always compatible with older versions of applications.
If you identify any such application in the network, plan to update that application before migration takes place.
