Community of Interest (computer Security) - Definition

Definition

A COI can be defined as a logical or physical grouping of network devices or users with access to information that should not be made available to the general user population on a LAN or WAN infrastructure. A COI can be utilized to provide multiple levels of protection for a LAN or WAN infrastructure from the activities within a COI. A COI can consist of a logical perimeter around the community (or enclave). It can allow for separate security management and operational direction. COIs generally do not dictate separate internal security policies (e.g., password policies) because they fall under the jurisdiction and management of the LAN or WAN owners. However, they can and often do have a relaxed subset of the overall network security policy. The terms "Segregation Mechanism" and "Security Mechanism" are interchangeable for the purposes of this article. The COI segregates in order to achieve security.

COI Types and Mechanisms

| Segregation Mechanism | Cost | Description |
|---|---|---|
| MS Active Directory | Low | Provides logical separation in the form of group formations utilizing MS Active Directory controls. |
| VLAN | Medium | Provides logical separation and network layer 2 separation (see the OSI model for more information). Virtual Local Area Networks are usually constructed on the network switches which connect devices together. |
| Router | High | Provides physical device separation, while maintaining a desired level of communication with the rest of the LAN or WAN infrastructure. |
| Firewall | High | Provides physical device separation much like the router separation but adds the security benefits of firewall components like ACLs, proxies, SPI. |
| VPN | High | Provides physical device separation and support for multiple sites, which have no communication with the LAN or WAN infrastructure. A VPN device adds the ability to encrypt all data from the COI to other sites, thus providing another layer of protection. |
| Complete Physical Separation | Very High | Provides the highest level of separation through complete physical separation of COIs. Very high cost because network resources cannot be leveraged. |
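
As an added illustration of the logical perimeter described above (not part of the original article), the following Python example audits flow records against COI boundaries, whichever mechanism in the table enforces them. The community names, subnets, allow-list and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed example data: COI name -> member subnets (e.g. one VLAN each).
COIS = {
    "finance": [ipaddress.ip_network("10.20.0.0/24")],
    "research": [ipaddress.ip_network("10.30.0.0/24")],
}
# Constructed allow-list of flows permitted to cross a COI perimeter:
# (source community, destination community, destination port).
# "general" stands for the rest of the LAN/WAN user population.
ALLOWED = {
    ("finance", "general", 53),    # COI members may use shared DNS
    ("finance", "general", 443),
    ("general", "research", 443),  # published research portal
}

def community_of(addr):
    """Return the COI an address belongs to, or 'general' if none."""
    ip = ipaddress.ip_address(addr)
    for name, nets in COIS.items():
        if any(ip in net for net in nets):
            return name
    return "general"

def audit_flows(flows):
    """Return flows that cross a COI perimeter without an allow-list entry."""
    violations = []
    for src, dst, port in flows:
        s, d = community_of(src), community_of(dst)
        if s == d:
            continue  # inside one community, or wholly outside any COI
        if (s, d, port) not in ALLOWED:
            violations.append((src, dst, port, f"{s}->{d}"))
    return violations

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.15", "10.20.0.40", 445),   # finance -> finance: inside the COI
    ("10.20.0.15", "10.1.1.53", 53),     # finance -> general DNS: allowed
    ("10.1.5.77", "10.20.0.40", 445),    # general -> finance SMB: violation
    ("10.30.0.9", "10.20.0.40", 1433),   # research -> finance SQL: violation
    ("10.1.5.77", "10.30.0.80", 443),    # general -> research portal: allowed
]

if __name__ == "__main__":
    for v in audit_flows(SAMPLE_FLOWS):
        print("perimeter violation:", v)
```

Flows between two different COIs are treated the same way as flows from the general population: both must appear on the allow-list to cross the perimeter.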
