IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
d) Complete-trust model
This model involves relationships of mutual trust between all the domains of a
network. Resources as well as user and group accounts are managed in each
domain. A complete-trust model is shown in the following diagram:
This model allows the departments of an organisation to manage user accounts
Domäne A
as well as resources. No central department is required for management. This
model can be scaled to any required number of users. However, it also has
major disadvantages. For example, it is hard to check compliance with the
applicable security policy. This makes it difficult not only to set up a central
security management, but also to co-ordinate the activities of the individual
administrators. Many trust relationships need to be managed in a network
containing a large number of domains, so that a clear overview is ultimately
lost.
No general recommendations can be made as to which of the domain models
described should be used in an organisation. This can only be ascertained
individually, on the basis of the physical and logical network structure, as well
as the distribution of data, applications and users in the network. For this
reason, a determination of the ideal domain structure requires a detailed
analysis, which can prove quite elaborate for extensive networks and might
need to be supported with planning software.
Additional controls:
- Have the selected network structure and any trust relationships existing
between domains been documented?
- Is the structure adapted to changes in the operational environment
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
Domäne B
Domäne C Domäne D