Infrastructure Security (INS)

Infrastructure security is regarded as one of the mature disciplines of security. The practice of security evolved from addressing threats at the network layer. Until recently, attackers were seen deploying innovative methods to penetrate an organization's network and reach its sensitive information assets. The automation of tools and techniques, and their easy availability, contributed to an increase in network compromises. The serious consequences that followed drew organizations' attention to corrective measures, complemented by market innovations that delivered solutions such as firewalls and Intrusion Detection and Prevention Systems. Network configuration also went through significant security review, producing best practices for configuring routing and switching devices, and security acquired an important place in an organization's network architecture. At the same time, the growing adoption of information technology created immense opportunities to connect, expand and integrate different entities and to innovate in how business transactions are executed, which expanded network capabilities and drove the adoption of emerging connectivity techniques. The Internet added a further dimension to an organization's network: it allowed an organization to expand its operations and offer new channels to its customers, but the connections opened for Internet access also exposed the organization to the outside world. This gave rise to the concept of perimeter defense, which offers the fundamental capability of inspecting inbound and outbound traffic, dropping malicious packets and blocking a particular source from connecting to the organization's network.
Since then, the infrastructure security discipline has progressed considerably. It can now handle very high throughput requirements for packet inspection and offers deep inspection capabilities, thereby satisfying the availability requirements of the business. It has added diverse capabilities to address specific security threats and challenges. In recent years, with the maturity of infrastructure security, organizations have grown more comfortable in addressing network security threats. However, this confidence is continually challenged by evolving security threats.

Although attackers' attention is increasingly shifting towards the application layer, an organization should keep its competence in infrastructure security up to date to address perennial as well as evolving threats. DSCI believes that Infrastructure Security (INS) is a fundamental discipline of security that equips an organization with the capabilities needed to manage the depth, breadth and scalability requirements of infrastructure protection.

  • Identify and inventory the different user groups that need to connect to the corporate network
  • Evaluate the access requirements of each identified user group: business applications, support applications, collaboration tools, external applications, server farms, storage devices, databases, and networking, switching and security devices
  • Identify the geographical spread of the organization, the spread of its business functions and operations, and their respective access requirements
  • Evaluate the structure of the organization's network infrastructure
  • Evaluate the network topology and design implemented in the organization
  • Identify and map all business transaction flows: the resources that take part in each flow, the type of data processed in the transaction, and the operations performed on the data (store, process, transmit)
  • Identify and inventory all network segments. Evaluate how the network is segmented to create separate security zones
  • Identify the types of endpoints used by internal and external users
  • Identify the types of network access used to connect those endpoints
  • Evaluate the positioning of IT systems on the organization's network: placement of web servers, e-mail servers, proxy servers, patch management servers, antivirus servers, application servers, database servers, security devices such as content monitoring and filtering and Intrusion Detection and Prevention systems, wireless routers and devices, etc.
  • Evaluate the connections allowed between different functions, groups and IT resources
  • Evaluate the organization's application portfolio. For each application, map the services and ports that must be opened
  • Identify the characteristics of the network security infrastructure
  • Evaluate the architectural positioning of infrastructure security devices and solutions
  • Evaluate the security of the organization's infrastructure. The important security elements are the version of the operating environment, open services, ports and protocols, unremediated vulnerabilities, hardening of configuration, security in the management of devices, and the possibility of exploitation (revealed by penetration testing)
  • Evaluate the process for configuring network and security devices
  • Evaluate the strength of the security solutions deployed
  • Identify how the security of wireless access is managed: where the wireless infrastructure is placed and how it is segmented from the core network
  • Evaluate how security threats from mobile employees are managed
  • Identify how network access for vendor and service provider employees is provided and managed
  • Identify how visitor access is managed: what process is followed, and how access is provisioned and de-provisioned
  • Evaluate the availability characteristics of the security infrastructure
  • Evaluate the resources, efforts and skills assigned to infrastructure security
  • Define a strategic roadmap for infrastructure security that takes account of practices and solutions emerging in the market

  • Ensure that the organization has complete and dynamic visibility over the different user groups connecting to its network
  • Ensure that there is a proper business justification for each connection, port, protocol and service opened
  • Ensure that the organization has the capability and tools to segment the network
  • Ensure that security is an integral part of network topology design
  • Ensure that a mechanism exists to assess the security posture of the infrastructure. Tools used for this include configuration audit and assessment, vulnerability assessment and penetration testing, and threat modelling of the infrastructure
  • Ensure that the network security solutions, devices and tools, and the planning of security capabilities on network routers and switches, are derived from a well devised architectural plan
  • Ensure that the organization's IT assets are securely positioned within the network, based on the perceived security threats, the sensitivity of the data and the security capability of the device
  • Ensure that the security defense planned for the infrastructure is proportionate to the likely impact of security threats
  • Ensure that there is a significant level of capability to address security threats at the network layer
  • Ensure that the access control rules of routers and switches adhere to the principle of least privilege
  • Ensure that the configuration of security devices, tools and solutions is managed effectively
  • Ensure that the principles of infrastructure security are also applied to internal connections and user access to the internal LAN, to manage insider threats
  • Ensure that security is given due consideration in the management of security devices and solutions
  • Ensure that adequate mechanisms exist to address the security threats arising from the organization's evolving IT ecosystem
  • Ensure that the scope of infrastructure security extends to vendor, service provider and visitor access to the network
  • Ensure that liability for security is incorporated in the contracts signed with network service providers
  • Ensure that infrastructure security is closely integrated with the organization's other security functions
  • Ensure that the organization dedicates sufficient resources, efforts and skills to maintain its competence in infrastructure security, manage network security devices and solutions, and perform security operations
  • Ensure that the security infrastructure embeds the principle of availability in its architecture, technical design and device planning

  • Comprehensiveness and dynamism of visibility over the users connecting to the organization's network reflects how completely the organization understands the assets connecting to its network, and its ability to keep that understanding continuously updated
  • Ability to address the granularity of business and protection requirements reflects the capability of infrastructure security to meet the diverse and granular needs of the business
  • Depth and breadth of security strength reflects the ability of infrastructure security to offer depth and diversity of protection capabilities
  • Coverage and extent of the infrastructure security program reflects the ability of the program to extend its scope to all types of network access, usage and connections
  • Responsiveness to new threats and issues reflects how swiftly the infrastructure security capability responds to new threats and issues
  • Scalability, reliability and availability of the infrastructure security capability reflects its ability to withstand expanding traffic requirements and to meet the reliability and availability requirements of the business
  • Architectural treatment of the infrastructure security solutions reflects the structural positioning of the security solutions
  • Network positioning of information assets reflects the manner in which information assets are placed in the network to secure them from external as well as internal threats
  • Capability to manage devices and solutions reflects the effectiveness and efficiency of managing diverse infrastructure devices and solutions
  • Adequacy of resources and efforts reflects how well resources and efforts are positioned and deployed for managing the strategic, tactical and operational functions of infrastructure security
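Several of the practices above are mechanically checkable: a per-application map of the services and ports that must be opened, a business justification for every permitted connection, port, protocol and service, and least-privilege access control rules on routers, switches and firewalls. The following Python script is an added example, not part of the DSCI framework text or of any vendor product, showing one way to run such an audit. It checks a firewall ruleset against a zone inventory and an application port map and reports rules that no application justifies, rules broader than the flows that justify them, and required flows that no rule permits. The zone ranges, applications, ports and rule IDs are constructed sample data; the rule fields (CIDR or "any" for source and destination, a protocol, and a port or port range) are a simplified format chosen for the example.

```python
"""Audit a firewall/ACL ruleset against the application port map.
Added example with constructed sample data (zones, applications, rules);
not from any real network or from the DSCI framework text."""
import ipaddress
from dataclasses import dataclass

# Constructed zone inventory. Address space outside every internal zone is
# treated as INTERNET (untrusted).
ZONES = {
    "DMZ": ipaddress.ip_network("10.10.0.0/24"),
    "APP": ipaddress.ip_network("10.20.0.0/24"),
    "DB": ipaddress.ip_network("10.30.0.0/24"),
    "CORP": ipaddress.ip_network("10.40.0.0/22"),
}
ALL_ZONES = set(ZONES) | {"INTERNET"}

# Constructed application portfolio: (src zone, dst zone, proto, port) each app needs.
REQUIRED_FLOWS = {
    "customer-portal": {("INTERNET", "DMZ", "tcp", 443), ("DMZ", "APP", "tcp", 8443),
                        ("APP", "DB", "tcp", 5432)},
    "patch-management": {("CORP", "DMZ", "tcp", 8530), ("CORP", "APP", "tcp", 8530)},
    "admin-ssh": {("CORP", "DMZ", "tcp", 22), ("CORP", "APP", "tcp", 22),
                  ("CORP", "DB", "tcp", 22)},
}

@dataclass(frozen=True)
class Rule:
    rule_id: str
    src: str    # CIDR or "any"
    dst: str    # CIDR or "any"
    proto: str  # "tcp", "udp" or "any"
    ports: str  # "443", "8000-8100" or "any"

@dataclass(frozen=True)
class Finding:
    rule_id: str  # "-" for a required flow that no rule permits
    kind: str     # "unjustified", "overly-broad" or "missing"
    detail: str

def zones_for(cidr: str) -> set[str]:
    """Map a rule address object onto zone names. A prefix wider than the
    zones it overlaps also spans unassigned space, so INTERNET is added."""
    if cidr == "any":
        return set(ALL_ZONES)
    net = ipaddress.ip_network(cidr)
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not hit or any(not net.subnet_of(ZONES[name]) for name in hit):
        hit.add("INTERNET")
    return hit

def port_range(spec: str) -> tuple[int, int]:
    if spec == "any":
        return 0, 65535
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def rule_covers(rule: Rule, flow: tuple) -> bool:
    src, dst, proto, port = flow
    lo, hi = port_range(rule.ports)
    return (src in zones_for(rule.src) and dst in zones_for(rule.dst)
            and rule.proto in ("any", proto) and lo <= port <= hi)

def audit(rules: list[Rule]) -> list[Finding]:
    """Report rules with no business justification, rules broader than the
    flows that justify them (least privilege), and required flows no rule permits."""
    needed = {flow: app for app, flows in REQUIRED_FLOWS.items() for flow in flows}
    findings = []
    for rule in rules:
        justified = {f: needed[f] for f in needed if rule_covers(rule, f)}
        if not justified:
            findings.append(Finding(rule.rule_id, "unjustified",
                                    "no application in the portfolio needs this rule"))
            continue
        lo, hi = port_range(rule.ports)
        protos = 2 if rule.proto == "any" else 1
        opened = len(zones_for(rule.src)) * len(zones_for(rule.dst)) * protos * (hi - lo + 1)
        if opened > len(justified):
            apps = ", ".join(sorted(set(justified.values())))
            findings.append(Finding(rule.rule_id, "overly-broad",
                                    f"opens {opened} zone/proto/port combinations, "
                                    f"only {len(justified)} justified by {apps}"))
    for flow, app in needed.items():
        if not any(rule_covers(r, flow) for r in rules):
            findings.append(Finding("-", "missing", f"{app} needs {flow} but no rule permits it"))
    return findings

SAMPLE_RULES = [  # constructed ruleset under audit
    Rule("R1", "any", "10.10.0.0/24", "tcp", "443"),
    Rule("R2", "10.10.0.0/24", "10.20.0.0/24", "tcp", "8443"),
    Rule("R3", "10.20.0.0/24", "10.30.0.0/24", "tcp", "any"),
    Rule("R4", "10.40.0.0/22", "10.10.0.0/24", "tcp", "22"),
    Rule("R5", "10.40.0.0/22", "10.0.0.0/8", "tcp", "8530"),
    Rule("R6", "any", "10.30.0.0/24", "tcp", "1433"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print(f"{f.rule_id:<3} {f.kind:<13} {f.detail}")
```

On the constructed data, R2 and R4 pass (each opens exactly one justified flow). R1 is flagged overly broad because "any" as source also lets every internal zone reach the DMZ web tier directly; R3 opens all TCP ports from APP to DB when only 5432 is needed; R5 uses a /8 destination that is wider than the zones it touches, so it also permits traffic into unassigned address space; R6 permits a database port no application requires; and two of the three admin-ssh flows have no rule at all. The least-privilege test is a coarse counting heuristic: a rule is flagged as soon as it opens any zone, protocol or port combination that no application in the portfolio needs, which is exactly the question the "business justification for each connection, port, protocol and service" practice asks a reviewer to answer.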

DSCI Security Framework