Definition
A COI can be defined as a logical or physical grouping of network devices or users with access to information that should not be made available to the general user population on a LAN or WAN infrastructure. A COI can be utilized to provide multiple levels of protection for a LAN or WAN infrastructure from the activities within a COI. A COI can consist of a logical perimeter around the community (or enclave). It can allow for separate security management and operational direction. COI's generally do not dictate separate internal security policies (e.g., password policies, etc.) because they fall under the jurisdiction and management of the LAN or WAN owners. However, they can and often do have a laxed subset of the overall Network security policy. The terms "Segregation Mechanism" and "Security Mechanism" for the purposes of this article are interchangeable. The COI segregates in order to achieve security.
COI Types and Mechanisms | ||
---|---|---|
Segregation Mechanism | Cost |
Description |
MS Active Directory | Low | Provides logical separation in the form of group formations utilizing MS Active Directory controls. |
VLAN | Medium | Provides logical separation and network layer 2 separation (see the OSI model for more information). Virtual Local Area Networks are usually constructed on the network switches which connect devices together. |
Router | High | Provides physical device separation, while maintaining a desired level of communication with the rest of the LAN or WAN infrastructure. |
Firewall | High | Provides physical device separation much like the router separation but adds the added security benefits of firewall components like ACL’s, proxies, SPI. |
VPN | High | Provides physical device separation and support for multiple sites, which have no communication with the LAN or WAN infrastructure. A VPN device adds the ability to encrypt all data from the COI to others sites thus providing another layer of protection. |
Complete Physical Separation | Very High | Provides highest level of separation through complete physical separation of COI's. Very high cost because network resources cannot be leveraged against. |
Read more about this topic: Community Of Interest (computer Security)
Famous quotes containing the word definition:
“No man, not even a doctor, ever gives any other definition of what a nurse should be than thisdevoted and obedient. This definition would do just as well for a porter. It might even do for a horse. It would not do for a policeman.”
—Florence Nightingale (18201910)
“... we all know the wags definition of a philanthropist: a man whose charity increases directly as the square of the distance.”
—George Eliot [Mary Ann (or Marian)
“Beauty, like all other qualities presented to human experience, is relative; and the definition of it becomes unmeaning and useless in proportion to its abstractness. To define beauty not in the most abstract, but in the most concrete terms possible, not to find a universal formula for it, but the formula which expresses most adequately this or that special manifestation of it, is the aim of the true student of aesthetics.”
—Walter Pater (18391894)