Trust
Trust is the relationship between two or more network entities that are permitted to communicate. Security policy decisions are largely based on this premise of trust. If you are trusted, you are allowed to communicate as needed. However, sometimes security controls need to apply restraint to trust relationships by limiting or preventing access to the designated privilege level. Trust relationships can be explicit or implied by the organization. Some trust relationships can be inherited or passed down from one system to another. However, keep in mind that these trust relationships can also be abused.
Domains of Trust
Domains of trust are a way to group network systems that share a common policy or function. Network segments have different trust levels, depending on the resources they are securing. When applying security controls within network segments, it is important to consider the trust relationships between the segments. Keep in mind that customers, partners, and employees each have their own unique sets of requirements from a security perspective that can be managed independently with “domains of trust” classifications. When domains of trust are managed in this way, consistent security controls within each segment can be applied.
Figure 12-9 shows two examples of trust domains with varying levels of trust segmented.
The lighter shading indicates an internal environment with higher security, and the darker
areas represent less-secure areas with lower security.
Figure 12-9 Domains of Trust (Example A and Example B; labeled elements: Campus and WAN, DMZ, WAN, Internet, FW, VPN, Internal Servers)
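The following is an added example, not taken from the book: it models the domains named in Figure 12-9 as a default-deny policy and audits it for inherited trust, where chained explicit rules let a lower-trust domain reach a higher-trust one with no direct rule between them. The numeric trust levels, the rule set, and the function names are all constructed assumptions.

```python
from collections import deque

# Constructed trust levels (higher = more trusted); the page gives no numeric values.
TRUST = {"Internet": 0, "VPN": 1, "DMZ": 1, "WAN": 2, "Campus": 3, "Internal Servers": 4}

# Constructed explicit policy: (source, destination) domain pairs allowed to communicate.
ALLOWED = {
    ("Internet", "DMZ"), ("Internet", "VPN"),
    ("VPN", "Campus"), ("DMZ", "Internal Servers"),
    ("Campus", "Internal Servers"), ("Campus", "WAN"), ("Campus", "Internet"),
}

def is_permitted(src, dst, allowed=ALLOWED):
    """Default deny: same-domain traffic passes, cross-domain only if explicit."""
    return src == dst or (src, dst) in allowed

def reachable(src, allowed=ALLOWED):
    """Map each domain reachable from src (by chaining explicit trusts) to its path."""
    paths = {src: [src]}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        for a, b in sorted(allowed):
            if a == cur and b not in paths:
                paths[b] = paths[cur] + [b]
                queue.append(b)
    return paths

def implied_trust(allowed=ALLOWED, trust=TRUST):
    """Find inherited paths from a lower-trust domain to a higher-trust domain
    that exist only through intermediate hops, never through an explicit rule."""
    findings = []
    for src in sorted(trust):
        for dst, path in sorted(reachable(src, allowed).items()):
            if len(path) > 2 and trust[src] < trust[dst] and (src, dst) not in allowed:
                findings.append((src, dst, path))
    return findings

if __name__ == "__main__":
    for src, dst, path in implied_trust():
        print(f"{src} -> {dst} is implied via {' -> '.join(path)}")
```

Each finding is a path to review: either the intermediate domain enforces its own controls on relayed traffic, or the explicit rules need tightening.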
 
 