Analyzing Business Requirements
- Analyze the existing and
planned business models.
- Analyze the company model and
the geographical scope. Models include regional, national,
international, subsidiary, and branch offices.
- Analyze company processes.
Processes include information flow, communication flow,
service and product life cycles, and decision-making.
- Analyze the existing and
planned organizational structures. Considerations include
management model; company organization; vendor, partner, and
customer relationships; and acquisition plans.
- Analyze factors that influence
company strategies.
- Identify company priorities.
- Identify the projected growth
and growth strategy.
- Identify relevant laws and
regulations.
- Identify the company's
tolerance for risk.
- Identify the total cost of
operations.
- Analyze business and security
requirements for the end user.
- Analyze the structure of IT
management. Considerations include type of administration,
such as centralized or decentralized; funding model;
outsourcing; decision-making process; and change-management
process.
- Analyze the current physical
model and information security model.
- Analyze internal and external
security risks.
Analyzing Technical
Requirements
- Evaluate the company's
existing and planned technical environment.
- Analyze company size and user
and resource distribution.
- Assess the available
connectivity between the geographic location of work sites
and remote sites.
- Assess the net available
bandwidth.
- Analyze performance
requirements.
- Analyze the method of
accessing data and systems.
- Analyze network roles and
responsibilities. Roles include administrative, user,
service, resource ownership, and application.
- Analyze the impact of the
security design on the existing and planned technical
environment.
- Assess existing systems and
applications.
- Identify existing and planned
upgrades and rollouts.
- Analyze technical support
structure.
- Analyze existing and planned
network and systems management.
Analyzing Security
Requirements
- Design a security baseline for
a Windows 2000 network that includes domain controllers,
operations masters, application servers, file and print
servers, RAS servers, desktop computers, portable computers,
and kiosks.
- Identify the required level of
security for each resource. Resources include printers,
files, shares, Internet access, and dial-in access.
Designing a Windows
2000 Security Solution
- Design an audit policy.
- Design a delegation of
authority strategy.
- Design the placement and
inheritance of security policies for sites, domains, and
organizational units.
- Design an Encrypting File
System strategy.
- Design an authentication
strategy.
- Select authentication methods.
Methods include certificate-based authentication, Kerberos
authentication, clear-text passwords, digest authentication,
smart cards, NTLM, RADIUS, and SSL.
- Design an authentication
strategy for integration with other systems.
- Design a security group
strategy.
- Design a Public Key
Infrastructure.
- Design Certificate Authority
(CA) hierarchies.
- Identify certificate server
roles.
- Manage certificates.
- Integrate with third-party CAs.
- Map certificates.
- Design Windows 2000 network
services security.
- Design Windows 2000 DNS
security.
- Design Windows 2000 Remote
Installation Services (RIS) security.
- Design Windows 2000 SNMP
security.
- Design Windows 2000 Terminal
Services security.
Designing a Security
Solution for Access Between Networks
- Provide secure access to
public networks from a private network.
- Provide external users with
secure access to private network resources.
- Provide secure access between
private networks.
- Provide secure access within a
LAN.
- Provide secure access within a
WAN.
- Provide secure access across a
public network.
- Design Windows 2000 security
for remote access users.
Designing Security for
Communication Channels
- Design an SMB-signing
solution.
- Design an IPSec solution.
- Design an IPSec encryption
scheme.
- Design an IPSec management
strategy.
- Design negotiation policies.
- Design security policies.
- Design IP filters.
- Define security levels.
|
