Definition
A COI can be defined as a logical or physical grouping of network devices or users with access to information that should not be made available to the general user population on a LAN or WAN infrastructure. A COI can be utilized to provide multiple levels of protection for a LAN or WAN infrastructure from the activities within a COI. A COI can consist of a logical perimeter around the community (or enclave). It can allow for separate security management and operational direction. COI's generally do not dictate separate internal security policies (e.g., password policies, etc.) because they fall under the jurisdiction and management of the LAN or WAN owners. However, they can and often do have a laxed subset of the overall Network security policy. The terms "Segregation Mechanism" and "Security Mechanism" for the purposes of this article are interchangeable. The COI segregates in order to achieve security.
| COI Types and Mechanisms | ||
|---|---|---|
| Segregation Mechanism | Cost |
Description |
| MS Active Directory | Low | Provides logical separation in the form of group formations utilizing MS Active Directory controls. |
| VLAN | Medium | Provides logical separation and network layer 2 separation (see the OSI model for more information). Virtual Local Area Networks are usually constructed on the network switches which connect devices together. |
| Router | High | Provides physical device separation, while maintaining a desired level of communication with the rest of the LAN or WAN infrastructure. |
| Firewall | High | Provides physical device separation much like the router separation but adds the added security benefits of firewall components like ACL’s, proxies, SPI. |
| VPN | High | Provides physical device separation and support for multiple sites, which have no communication with the LAN or WAN infrastructure. A VPN device adds the ability to encrypt all data from the COI to others sites thus providing another layer of protection. |
| Complete Physical Separation | Very High | Provides highest level of separation through complete physical separation of COI's. Very high cost because network resources cannot be leveraged against. |
Read more about this topic: Community Of Interest (computer Security)
Famous quotes containing the word definition:
“I’m beginning to think that the proper definition of “Man” is “an animal that writes letters.””
—Lewis Carroll [Charles Lutwidge Dodgson] (1832–1898)
“No man, not even a doctor, ever gives any other definition of what a nurse should be than this—”devoted and obedient.” This definition would do just as well for a porter. It might even do for a horse. It would not do for a policeman.”
—Florence Nightingale (1820–1910)
“Although there is no universal agreement as to a definition of life, its biological manifestations are generally considered to be organization, metabolism, growth, irritability, adaptation, and reproduction.”
—The Columbia Encyclopedia, Fifth Edition, the first sentence of the article on “life” (based on wording in the First Edition, 1935)