A security domain is a term used to conceptualize any grouping of computers, networks, or information technology infrastructure elements that fall under a specific security protocol. The domain is established as a restricted unit of those elements that then have a single authentication method for access to the elements within the security domain. Given that the term is so conceptual in nature, it can be applied to a wide range of information technology (IT) elements such as a collection of web sites, a communications network, a group of computers in a room, and even a combination of any or all of these.
One such example of a security domain is the use of a web access management architecture to handle authorization for a series of websites or web pages. This can be handled in a couple different ways, such as a software agent on the web server or a separate proxy server. With a software agent, each web server has a small software program installed that receives authentication information from another server. The software on the web server intercepts a web request and then checks with the access management server for permission before allowing or denying access to the web site or a specific web page. With a proxy server setup, on the other hand, the proxy server contains the access permissions for the web servers that it guards, intercepts requests to those servers, and only allows requests that meet the proper security criteria.
In another instance, the security domain term is often used with enterprise directory services. One common example is Microsoft®'s Active Directory® service, which uses the lightweight directory access protocol (LDAP) and Kerberos authentication system to establish a single point of authorization. In this case, the domain is an actual computer network consisting of any number of computers, servers, and software programs. Access permission to these elements is then handled by the Active Directory® system, which even allows for separate security domains to be established under a single, larger administrative domain.
Highly-classified information is also often kept sequestered in a specified security domain. In this case, the security domain is comprised of any or all of the above elements, but the single authentication source may be of a different nature. One example is known as the secret Internet protocol router network (SIPRNet) used by the United States government. SIPRNet is a highly-secured set of interconnected networks that essentially mirrors the Internet. This type of security domain, part of the Defense Information Systems Network, still uses all of the same technology protocols as the Internet, but with no connection to the actual Internet itself.