Ψηφιακό Τεκμήριο

More documents

Recommendations

Info

8.1.2 Analog/ISDN Line Security Policy 32 Created by or for the SANS Institute. Feel free to modify or use for your organization. If you have a policy to contribute, please send e-mail to stephen@sans.edu 1.0 Purpose This document explains analog and ISDN line acceptable use and approval policies and procedures. This policy covers two distinct uses of analog/ISDN lines: lines that are to be connected for the sole purpose of fax sending and receiving, and lines that are to be connected to computers. 2.0 Scope This policy covers only those lines that are to be connected to a point inside building and testing sites. It does not pertain to ISDN/phone lines that are connected into employee homes, PBX desktop phones, and those lines used by Telecom for emergency and non-corporate information purposes. 3.0 Policy 3.1 Scenarios & Business Impact There are two important scenarios that involve analog line misuse, which we attempt to guard against through this policy. The first is an outside attacker who calls a set of analog line numbers in the hope of connecting to a computer that has a modem attached to it. If the modem answers (and most computers today are configured outof-the-box to auto-answer) from inside premises, then there is the possibility of breaching 's internal network through that computer, unmonitored. At the very least, information that is held on that computer alone can be compromised. This potentially results in the loss of millions of dollars worth of corporate information. The second scenario is the threat of anyone with physical access into a facility being able to use a modem-equipped laptop or desktop computer. In this case, the intruder would be able to connect to the trusted networking of through the computer's Ethernet connection, and then call out to an unmonitored site using the modem, with the ability to siphon information to an unknown location. This could also potentially result in the substantial loss of vital information. Specific procedures for addressing the security risks inherent in each of these scenarios follow. 3.2 Facsimile Machines As a rule, the following applies to requests for fax and analog lines: • Fax lines are to be approved for departmental use only. • No fax lines will be installed for personal use. 32 http://www.sans.org/resources/policies/Analog_Line_Policy.pdf 141
• No analog lines will be placed in a personal cubicle. • The fax machine must be placed in a centralized administrative area designated for departmental use, and away from other computer equipment. • A computer which is capable of making a fax connection is not to be allowed to use an analog line for this purpose. • Waivers for the above policy on analog-as-fax lines will be delivered on a case-by-case basis after reviewing the business need with respect to the level of sensitivity and security posture of the request. • Use of an analog/ISDN fax line is conditional upon the requester's full compliance with the requirements listed below. These requirements are the responsibility of the authorized user to enforce at all times: • The fax line is used solely as specified in the request. • Only persons authorized to use the line have access to it. • When not in use, the line is to be physically disconnected from the computer. • When in use, the computer is to be physically disconnected from 's internal network. • The line will be used solely for business, and not for personal reasons. • All downloaded material, prior to being introduced into systems and networks, must have been scanned by an approved anti-virus utility (e.g., McAfee VirusScan) which has been kept current through regular updates. 3.3 Computer-to-Analog Line Connections The general policy is that requests for computers or other intelligent devices to be connected with analog or ISDN lines from within will not be approved for security reasons. Analog and ISDN lines represent a significant security threat to , and active penetrations have been launched against such lines by hackers. Waivers to the policy above will be granted on a case by case basis. Replacement lines, such as those requeested because of a move, fall under the category of "new" lines. They will also be considered on a case by case basis. 3.4 Requesting an Analog/ISDN Line Once approved by a manager, the individual requesting an analog/ISDN line must provide the following information to Telecom: • Α clearly detailed business case of why other secure connections available at cannot be used, • Τhe business purpose for which the analog line is to be used, • Τhe software and hardware to be connected to the line and used across the line, • Αnd to what external connections the requester is seeking access. The business case must answer, at a minimum, the following questions: • What business needs to be conducted over the line? • Why is a -equipped desktop computer with Internet capability unable to accomplish the same tasks as the proposed analog line? 142
Page 1 and 2:
Τεχνολογικό Εκπαιδ
Page 3 and 4:
Περιγραφή Πτυχιακή
Page 5 and 6:
Abstract An organization/service in
Page 7 and 8:
ΚΕΦΑΛΑΙΟ 5.................
Page 9 and 10:
Πίνακας Εικόνων Ει
Page 11 and 12:
Κεφάλαιο 1 Εισαγωγή
Page 13 and 14:
2.1 Προσδιορισμός Λε
Page 15 and 16:
Και αναπτύσσεται τ
Page 17 and 18:
παραμετροποίησης (c
Page 19 and 20:
2.3 Ανάπτυξη Συστήμα
Page 21 and 22:
Σχήμα 2:Κύκλος ζωής
Page 23 and 24:
Σχήμα 3:Διάγραμμα π
Page 25 and 26:
• Οργάνωση Ασφάλει
Page 27 and 28:
Κεφάλαιο 3 Πήγες Πο
Page 29 and 30:
3.3 Λίστα πολιτικών
Page 31 and 32:
ελάχιστες απαιτήσε
Page 33 and 34:
συνδέονται, ακροάσ
Page 35 and 36:
και τον εξοπλισμό τ
Page 37 and 38:
διατηρηθεί ένα επα
Page 39 and 40:
κ.λπ., η οποία μπορε
Page 41 and 42:
Ο σκοπός αυτής της
Page 43 and 44:
που εξασφαλίζουν ό
Page 45 and 46:
Κεφάλαιο 4 Εργαλεία
Page 47 and 48:
CONTROL-IT Toolkit: Είναι έν
Page 49 and 50:
4.3 Cisco Security Policy Designer
Page 51 and 52:
Εικόνα 4: Cisco Builder: Επ
Page 53 and 54:
Εικόνα 7: Cisco Builder: Ει
Page 55 and 56:
Anti-Virus Policy Σκοπός Η
Page 57 and 58:
Στην συνέχεια ο design
Page 59 and 60:
Μετά ρωτάει σχετικ
Page 61 and 62:
Μετά ρωτάει εάν τα
Page 63 and 64:
Στην συνέχεια ρωτά
Page 65 and 66:
Η επόμενη ερώτηση ε
Page 67 and 68:
Εικόνα 31: Cisco Designer: Re
Page 69 and 70:
Επιβολή Οποιοσδήπο
Page 71 and 72:
5.3 Analog/ISDN Line Security Polic
Page 73 and 74:
Αίτηση για Αναλογι
Page 75 and 76:
• Μην επιτρέπετε τ
Page 77 and 78:
σχεδίων επιχειρησι
Page 79 and 80:
ασφάλειάς του. Είνα
Page 81 and 82:
Επιβολή Οποιοσδήπο
Page 83 and 84:
7. Κάθε σχολείου, τμ
Page 85 and 86:
7. Τα DMZ εργαστήρια θ
Page 87 and 88:
5.10 E-mail Policy 11 * Σκοπό
Page 89 and 90:
5.11 Identification and Authenticat
Page 91 and 92: 5.12 Network Security Policy 13 *
Page 93 and 94: 5.13 Password Protection Policy 14
Page 95 and 96: C. Passphrases Οι Passphrases χ
Page 97 and 98: ποινικού μητρώου. Μ
Page 99 and 100: Πειθαρχική διαδικα
Page 101 and 102: 5.15 Physical Security Policy 16 *
Page 103 and 104: Συντήρηση εξοπλισμ
Page 105 and 106: 5.16 Privacy Policy 17 Έλεγχο
Page 107 and 108: • Πολιτική Αποδεκτ
Page 109 and 110: 5.18 Mobile Computing and Storage D
Page 111 and 112: 5.19 Resource Utilization Security
Page 113 and 114: 5.20 Router Security Policy 21 Σκ
Page 115 and 116: 5.21 Server Security Policy 22 * Σ
Page 117 and 118: 5.22 Server Malware Protection Poli
Page 119 and 120: 5.23 User Data Protection Policy 24
Page 121 and 122: 5.24 VPN Security Policy 25 * Σκ
Page 123 and 124: 5.25 Wireless Communication Policy
Page 125 and 126: Παρακάτω παρατίθετ
Page 127 and 128: ☺ ☺ 35 Physical Security Policy
Page 129 and 130: Κεφάλαιο 6 Κατάρτισ
Page 131 and 132: Το μήνυμα της συνει
Page 133 and 134: η συνειδητοποίηση
Page 135 and 136: Πειθαρχικές πράξει
Page 137 and 138: και την αποθήκευση
Page 139 and 140: Κεφάλαιο 7 Επίλογoς-
Page 141: 8.1.1 Acceptable Use Policy 31 Cont
Page 145 and 146: 8.1.3 Backup Policy 33 Control Back
Page 147 and 148: 8.1.5 DMZ Lab Security Policy 35 Cr
Page 149 and 150: 11. Current applicable security pat
Page 151 and 152: 8.1.6 Network Security Policy 36 Ob
Page 153 and 154: 8.1.7 Privacy Policy 37 Control Dat
Page 155 and 156: a. Acceptable Encryption Policy b.
Page 157 and 158: 8.1.9 Router Security Policy 39 Cre
Page 159: Βιβλιογραφία • Ανά
show all

Ψηφιακό Τεκμήριο

Create successful ePaper yourself

Delete template?

Save as template?