Enterasys Networks 9034385 1 Security Domain Configuration Guidelines continued, Network Scenario

Area of the network that

• Switches that provide access to

provides access to a group of

guest users or contractors on a

users or devices that pose a

corporate network. These users are

potentially high risk to the

usually not directly under the

security or stability of the

administrative control of IT

network.

operations and pose additional risks

to the network.

• Switches that provide access to

users within an organization that are

allowed to engage in high risk

behaviors on the network, or are not

protected by security mechanisms

such as a firewall or Intrusion

Detection Systems (IDS). A sales

organization that uses the Internet

as a necessary part of their job, or a

branch office location that is not

protected by a firewall would both be

characterized as high risk groups of

users.

• Wireless Access Points (APs) that

are configured with an open wireless

network or a wireless network that is

secured through weak

authentication/encryption

mechanisms such as WEP. End-

systems on these networks pose a

greater risk to the organization

because access to the network by

untrusted users is easier.

Area of the network that is more

• Switches that front-end a distribution

apt to affect the network's

layer device that often crashes in the

overall security or stability.

event of security threats or other

events on the network. Assigning a

more restrictive policy to these end-

systems protects against the

instability of the infrastructure

devices.

Area of the network where

• Switches that provide access to

authentication is not deployed

conference rooms, libraries, and

and open network access is

other areas commonly used by

available.

untrusted users.

• Access points that provide guest

access to an open SSID.