2. Security Business and Technical Requirement

Post on 01-Feb-2016


What famous North American landmark is constantly moving backward?

How to develop and implement a project?

Analysis, Design, Coding, Testing, Implement

So when we want to implement security, what should we consider?

Requirement gathering, Making decision, Applying decision, Design

Business Requirement, Technical Requirement

Forest, Domain, OU, Active Directory

Security Business Requirement

When designing security for your network, you must ensure that you have gathered and understood the business requirements.

You must analyze the following business factors when you design your organization's Windows 2000 security:

Security business requirement

Business model
Business process
Projected growth
Management strategy
Current security policy
Tolerance of risk
The laws and regulations that affect the organization
The organization's financial status
The employees' skills

The Business Model

Organizations with branches around the world may have different security requirements than a company that has a single office.

You have to know the decision process: a centralized decision process will generally mean a centralized security plan.

The Business Process

You need to know how business processes flow, e.g.:

Manager, Developer, Operator

All of the above have different rights, so we have to know them and plan security policies for them accordingly.

The Projected Growth

Your security plan should be dynamic.

Don't deploy security with a short life span.

Be aware of the relationship between the organization and its partners.

The plan you deploy must be extensible to handle growth over the next few years.

The Management Strategy

Does the organization use a centralized or decentralized management strategy?

Always ask who manages resources.

In some cases the management strategy will be a mix of centralized and decentralized, e.g. the IT industry:

Main Administrator (Main Branch), Local Administrator (Local Branch)

The Current Security policy

Many organizations will have a predefined security policy.

Some organizations restrict the use of some protocols within the corporate network because of threats.

The tolerance of risk

Organizations can differ on what they consider risky.

Some organizations may consider a password of fewer than 10 characters risky; others may consider 6 characters sufficient.

Laws and regulations that affect the organization

Every organization must abide by the laws and regulations of the jurisdiction where it performs business.

Know the laws and regulations that affect the organization.

E.g.: if you want to apply strong encryption, some countries like the US will not allow you to send data which is strongly encrypted.


Some countries require management to take place within that country.

These rules are known as export rules.

More information is available at www.microsoft.com (search for Exporting Microsoft product)

The Organization's Financial Status

You must determine the project cost.

Try to find alternative solutions that meet the business requirements.

The Employees’ skills

Security solutions might involve new technology that an organization's employees don't have expertise in.

You must identify these shortfalls.

Making the decision, Applying the decision

Design Security to Meet Technical Requirement

Identify the technical requirements that will affect your security design.

Technical requirements that can affect your security plans are:

Total size and distribution of resources
Performance considerations
Wide area network links
Wide area network usage
How data is accessed
Administrative structure
Current application base

Total size and distribution of Resources

Total number of computers and users

This distribution helps you define Active Directory sites, domains and OUs based on the organization.

Performance Consideration

Implementing encryption in the network can increase cost.

The organization must define what is acceptable performance for common tasks.

E.g. a query takes 2 seconds to return 100 results, so protect the query and the results while considering the performance level.

Wide Area Network Links

Your security plan must evaluate how remote offices are connected to the corporate office.

You must identify which technologies connect multiple offices, and which protocols as well.

Your security plan must determine what level of encryption is required on the WAN.

You must determine any third-party products used in between, like Cisco routers.

Wide Area Network Usage

One office is connected by a 512 Kbps link and another by a 128 Kbps link.

Don't be trapped by the available bandwidth.

Always calculate bandwidth usage before implementing security.

How data is accessed

Your network security plan must identify how data is accessed

This includes which applications, protocols, users or computers access the data.

By identifying these components you can implement security

Administrative Structure

Identify who runs the network and where administration takes place.

It will also help you design an administration strategy for managing objects in AD.

Current Application base

Windows 2000 introduces stronger base security for computers.

It isn't always compatible with older versions of applications.

If you identify any such application in the network, plan to update it before migration takes place.