Ψηφιακό Τεκμήριο

More documents

Recommendations

Info

7. The Network Support Organization and InfoSec reserve the right to interrupt lab connections if a security concern exists. 8. The DMZ Lab will provide and maintain network devices deployed in the DMZ Lab up to the Network Support Organization point of demarcation. 9. The Network Support Organization must record all DMZ Lab address spaces and current contact information [in the corporate enterprise management system, if one exists]. 10. The DMZ Lab Managers are ultimately responsible for their DMZ Labs complying with this policy. 11. Immediate access to equipment and system logs must be granted to members of InfoSec and the Network Support Organization upon request, in accordance with the Audit Policy 12. Individual lab accounts must be deleted within three (3) days when access is no longer authorized. Group account passwords must comply with the Password Policy and must be changed within three (3) days from a change in the group membership. 13. InfoSec will address non-compliance waiver requests on a case-by-case basis. 3.2. General Configuration Requirements 1. Production resources must not depend upon resources on the DMZ Lab networks. 2. DMZ Labs must not be connected to 's corporate internal networks, either directly or via a wireless connection. 3. DMZ Labs should be in a physically separate room from any internal networks. If this is not possible, the equipment must be in a locked rack with limited access. In addition, the Lab Manager must maintain a list of who has access to the equipment. 4. Lab Managers are responsible for complying with the following related policies: a. Password Policy b. Wireless Communications Policy c. Lab Anti-Virus Policy 5. The Network Support Organization maintained firewall devices must be configured in accordance with least-access principles and the DMZ Lab business needs. All firewall filters will be maintained by InfoSec. 6. The firewall device must be the only access point between the DMZ Lab and the rest of 's networks and/or the Internet. Any form of cross-connection which bypasses the firewall device is strictly prohibited. 7. Original firewall configurations and any changes thereto must be reviewed and approved by InfoSec (including both general configurations and rule sets). InfoSec may require additional security measures as needed. 8. Traffic from DMZ Labs to the internal network, including VPN access, falls under the Remote Access Policy 9. All routers and switches not used for testing and/or training must conform to the DMZ Router and Switch standardization documents. 10. Operating systems of all hosts internal to the DMZ Lab running Internet Services must be configured to the secure host installation and configuration standards. [Add url link to site where your internal configuration standards are kept]. 147
11. Current applicable security patches/hot-fixes for any applications that are Internet services must be applied. Administrative owner groups must have processes in place too stay current on appropriate patches/ hotfixes. 12. All applicable security patches/hot-fixes recommended by the vendor must be installed. Administrative owner groups must have processes in place to stay current on appropriate patches/ hotfixes. 13. Services and applications not serving business requirements must be disabled. 14. Confidential information is prohibited on equipment in labs where non- personnel have physical access (e.g., training labs), in accordance with the Information Sensitivity Classification Policy 15. Remote administration must be performed over secure channels (e.g., encrypted network connections using SSH or IPSEC) or console access independent from the DMZ networks. 4.0 Enforcement Any employee found to have violated this policy may be subject to disciplinary action up to and including termination of employment. 5.0 Definitions Access Control List (ACL): Lists kept by routers to control access to or from the router for a number of services (for example, to prevent packets with a certain IP address from leaving a particular interface on the router). DMZ (de-militarized zone): Networking that exists outside of primary corporate firewalls, but is still under administrative control. Network Support Organization: Any InfoSec-approved support organization that manages the networking of non-lab networks. Least Access Principle: Access to services, hosts, and networks is restricted unless otherwise permitted. Internet Services: Services running on devices that are reachable from other devices across a network. Major Internet services include DNS, FTP, HTTP, etc. Network Support Organization Point of Demarcation: The point at which the networking responsibility transfers from a Network Support Organization to the DMZ Lab. Usually a router or firewall. Lab Manager: The individual responsible for all lab activities and personnel. 148
Page 1 and 2:
Τεχνολογικό Εκπαιδ
Page 3 and 4:
Περιγραφή Πτυχιακή
Page 5 and 6:
Abstract An organization/service in
Page 7 and 8:
ΚΕΦΑΛΑΙΟ 5.................
Page 9 and 10:
Πίνακας Εικόνων Ει
Page 11 and 12:
Κεφάλαιο 1 Εισαγωγή
Page 13 and 14:
2.1 Προσδιορισμός Λε
Page 15 and 16:
Και αναπτύσσεται τ
Page 17 and 18:
παραμετροποίησης (c
Page 19 and 20:
2.3 Ανάπτυξη Συστήμα
Page 21 and 22:
Σχήμα 2:Κύκλος ζωής
Page 23 and 24:
Σχήμα 3:Διάγραμμα π
Page 25 and 26:
• Οργάνωση Ασφάλει
Page 27 and 28:
Κεφάλαιο 3 Πήγες Πο
Page 29 and 30:
3.3 Λίστα πολιτικών
Page 31 and 32:
ελάχιστες απαιτήσε
Page 33 and 34:
συνδέονται, ακροάσ
Page 35 and 36:
και τον εξοπλισμό τ
Page 37 and 38:
διατηρηθεί ένα επα
Page 39 and 40:
κ.λπ., η οποία μπορε
Page 41 and 42:
Ο σκοπός αυτής της
Page 43 and 44:
που εξασφαλίζουν ό
Page 45 and 46:
Κεφάλαιο 4 Εργαλεία
Page 47 and 48:
CONTROL-IT Toolkit: Είναι έν
Page 49 and 50:
4.3 Cisco Security Policy Designer
Page 51 and 52:
Εικόνα 4: Cisco Builder: Επ
Page 53 and 54:
Εικόνα 7: Cisco Builder: Ει
Page 55 and 56:
Anti-Virus Policy Σκοπός Η
Page 57 and 58:
Στην συνέχεια ο design
Page 59 and 60:
Μετά ρωτάει σχετικ
Page 61 and 62:
Μετά ρωτάει εάν τα
Page 63 and 64:
Στην συνέχεια ρωτά
Page 65 and 66:
Η επόμενη ερώτηση ε
Page 67 and 68:
Εικόνα 31: Cisco Designer: Re
Page 69 and 70:
Επιβολή Οποιοσδήπο
Page 71 and 72:
5.3 Analog/ISDN Line Security Polic
Page 73 and 74:
Αίτηση για Αναλογι
Page 75 and 76:
• Μην επιτρέπετε τ
Page 77 and 78:
σχεδίων επιχειρησι
Page 79 and 80:
ασφάλειάς του. Είνα
Page 81 and 82:
Επιβολή Οποιοσδήπο
Page 83 and 84:
7. Κάθε σχολείου, τμ
Page 85 and 86:
7. Τα DMZ εργαστήρια θ
Page 87 and 88:
5.10 E-mail Policy 11 * Σκοπό
Page 89 and 90:
5.11 Identification and Authenticat
Page 91 and 92:
5.12 Network Security Policy 13 *
Page 93 and 94:
5.13 Password Protection Policy 14
Page 95 and 96:
C. Passphrases Οι Passphrases χ
Page 97 and 98: ποινικού μητρώου. Μ
Page 99 and 100: Πειθαρχική διαδικα
Page 101 and 102: 5.15 Physical Security Policy 16 *
Page 103 and 104: Συντήρηση εξοπλισμ
Page 105 and 106: 5.16 Privacy Policy 17 Έλεγχο
Page 107 and 108: • Πολιτική Αποδεκτ
Page 109 and 110: 5.18 Mobile Computing and Storage D
Page 111 and 112: 5.19 Resource Utilization Security
Page 113 and 114: 5.20 Router Security Policy 21 Σκ
Page 115 and 116: 5.21 Server Security Policy 22 * Σ
Page 117 and 118: 5.22 Server Malware Protection Poli
Page 119 and 120: 5.23 User Data Protection Policy 24
Page 121 and 122: 5.24 VPN Security Policy 25 * Σκ
Page 123 and 124: 5.25 Wireless Communication Policy
Page 125 and 126: Παρακάτω παρατίθετ
Page 127 and 128: ☺ ☺ 35 Physical Security Policy
Page 129 and 130: Κεφάλαιο 6 Κατάρτισ
Page 131 and 132: Το μήνυμα της συνει
Page 133 and 134: η συνειδητοποίηση
Page 135 and 136: Πειθαρχικές πράξει
Page 137 and 138: και την αποθήκευση
Page 139 and 140: Κεφάλαιο 7 Επίλογoς-
Page 141 and 142: 8.1.1 Acceptable Use Policy 31 Cont
Page 143 and 144: • No analog lines will be placed
Page 145 and 146: 8.1.3 Backup Policy 33 Control Back
Page 147: 8.1.5 DMZ Lab Security Policy 35 Cr
Page 151 and 152: 8.1.6 Network Security Policy 36 Ob
Page 153 and 154: 8.1.7 Privacy Policy 37 Control Dat
Page 155 and 156: a. Acceptable Encryption Policy b.
Page 157 and 158: 8.1.9 Router Security Policy 39 Cre
Page 159: Βιβλιογραφία • Ανά
show all

Ψηφιακό Τεκμήριο

Create successful ePaper yourself

Delete template?

Save as template?