Community of interest (C.O.I.) is a means by which network assets and or network users are segregated by some technological means for some established purpose. COIs are a strategy that fall under the realm of computer security which itself is a subset of security engineering. Typically, COIs are set up to protect a network infrastructure from a group or groups of users who are performing some esoteric functions. COIs are also designed to protect their user community from the rest of the enclave user population.
Contents
Definition
A COI can be defined as a logical or physical grouping of network devices or users with access to information that should not be made available to the general user population on a LAN or WAN infrastructure. A COI can be used to provide multiple levels of protection for a LAN or WAN infrastructure from the activities within a COI. A COI can consist of a logical perimeter around the community (or enclave). It can allow for separate security management and operational direction. COI's generally do not dictate separate internal security policies (e.g., password policies, etc.) because they fall under the jurisdiction and management of the LAN or WAN owners. However, they can and often do have a laxed subset of the overall Network security policy. The terms "Segregation Mechanism" and "Security Mechanism" for the purposes of this article are interchangeable. The COI segregates in order to achieve security.
Security mechanisms
COI security requirements can range in sophistication from simple network file shares to an interconnection of physically separate sites that are connected via dedicated communication circuits. COI security mechanisms and the respective basic characteristics are identified in the Table. These security mechanisms may be utilized individually and in combinations to provide the requisite security for each COI. COI architecture can overlay the existing LAN or WAN architecture in order to maximize the use of existing resources and to provide the required COI separation in the most efficient manner.
COIs that require additional dedicated physical resources (e.g., dedicated router, VPN and firewalls devices) are usually more complex in nature and expensive to operate because of the added network devices and the personnel to operate and manage them. They also add the benefit of more security utilizing the defense in depth approach. A COI does not necessarily imply a physical separation of the infrastructure, but can do so.
Construction
A standard approach to COI segregation can be through the use of group policies if the LAN or WAN infrastructure utilizes the Microsoft Windows operating system utilizing the Active Directory service. Additional dedicated COI boundary security components such as a router, VPN, firewall, and IDS can be provided depending upon the requirement needs of a COI. COIs can be designed and deployed by employing the security mechanisms that are listed in the Table. Typically each individual COI may have unique characteristics and requirements. The security mechanisms listed above are the basic building blocks in the construction of all COIs.