DEFENSE SWITCHED NETWORK INFORMATION ASSURANCE ...

More documents

Recommendations

Info

Figure B-1. IASE Website B-2. SECURITY READINESS REVIEW SCRIPTS/GOLD DISK. The DISA Field Security Office (FSO) develops the Gold Disks and Security Readiness Reviews (SRRs) to assist System Administrators (SA) in securing systems and applications in accordance with the DISA STIGs, Checklists, and applicable Center for Internet Security (CIS) benchmarks. This functionality was developed to meet the needs of the system auditors and SA’s in accessing the security posture of the respective IS. The SA’s, Gold Disks, and SRRs encompass the ability to detect installed products, identify and remediate applicable vulnerabilities, generate a file that is used for asset registration within the vulnerability management system, and provide a findings report. B-3. NSA OPERATING SYSTEM SECURITY GUIDES/NSA ROUTER AND SWITCH GUIDES. The NSA has written information guides to enhance the posture of both commercial and open source software. These guides cover different version of workstation software, switch software, and router software. The objective of the NSA research program is to develop technological advances and share that information with the software development community through a variety of transfer mechanisms. Figure B-2 provides the documents available at B-5
Figure B-2. NSA Website B-4. MICROSOFT SECURITY GUIDES. Microsoft engineering teams, consultants, support engineers, customers, and partners review and approve Microsoft Security guides. Microsoft worked with consultants and systems engineers, which implemented Windows Server 2003, Windows XP, and Windows 2000 in a variety of environments to establish the latest choice practices to secure these servers and clients. The detailed information guides are available at B-5. DoDD 8500.1 AND DoDI 8500.2. The DoDD 8500.1 and DoDI 8500.2 establish policy and assign responsibilities to achieve IA through a defense-in-depth approach that integrates the capabilities of personnel, operations, and technology that supports the evolution to network centric warfare. The responsibility of the DoD is crucial to protect and defend information and support information technology. The DoD information is shared across a Global Information Grid that is inherently vulnerable to exploitation and denial of service. The following are contributing factors to vulnerabilities within this grid: • Increased reliance on commercial information technology and services • Increased complexity and risk propagation through interconnection • Extremely rapid pace of technological change • Distributed and non-standard management structure • Relatively low cost of entry for adversaries The DoDI 8500.2, Enclosure 3, establishes fundamental IA requirements for DoD IS in the form of two sets of graded baseline IA Controls. The baseline sets of IA controls are pre-defined based on the determination of the Mission Assurance Category (MAC) and Confidentiality Levels. The IA Controls addressing availability and integrity requirements are tied to the system’s MAC based on the importance of the information B-6
Page 1 and 2: DEFENSE INFORMATION SYSTEMS AGENCY
Page 3 and 4: DEFENSE SWITCHED NETWORK INFORMATIO
Page 5 and 6: EXECUTIVE SUMMARY The Department of
Page 7 and 8: TABLE OF CONTENTS iii Page EXECUTIV
Page 9 and 10: TABLE OF CONTENTS (continued) LIST
Page 11 and 12: SUMMARY OF CHANGES Editor/Approver
Page 13 and 14: The DSN provides end-to-end command
Page 15 and 16: implementing a security baseline, p
Page 17 and 18: • Apply applicable STIGs and subm
Page 19 and 20: Some products, such as CPE, rely on
Page 21 and 22: e. System Requirements, Maximum Tra
Page 23 and 24: 8. Conduct Service Enumeration Serv
Page 25 and 26: (The page intentionally left blank.
Page 27 and 28: IAM Information Assurance Manager I
Page 29 and 30: (The page intentionally left blank.
Page 31 and 32: Table B-1. STIG Listing STIG Descri
Page 33: Table B-1. STIG Listing (continued)
Page 37 and 38: compliant, non-compliant, or not ap
Page 39 and 40: Within the delivered scorecard, the
Page 41 and 42: Absinthe (SQL injection) Arpoison (
Page 43 and 44: APPENDIX C TEST PREPARATION DOCUMEN
Page 45 and 46: DSN IA Test Team Test Preparation D
Page 47 and 48: DSN IA Test Team Test Preparation D
Page 49 and 50: APPENDIX D DSN ARCHITECTURE The Def
Page 51 and 52: APPENDIX E ASSESSMENT OBJECTIVES, C
Page 53 and 54: STIG. Not all checklists have paren
Page 55 and 56: HKLM\SYSTEM\CurrentControlSet\Servi
Page 57 and 58: Figure E-3. Configure Your Computer
Page 59 and 60: Table E-1. Gold Disk Minimum System
Page 61 and 62: Table E-3. DISA Gold Disk Test Proc
Page 63 and 64: Procedures (continued) Table E-5. S
Page 65 and 66: Table E-6. Additional IA Requiremen
Page 67 and 68: Table E-6. Additional IA Requiremen
Page 69 and 70: Table E-7. IPv6 Requirements Test C
Page 71 and 72: Table E-7. IPv6 Requirements (conti
Page 73 and 74: NOTE 2: There is no requirement tha
Page 85 and 86:
Table E-7. IPv6 Requirements (conti
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
106 (continued) Table E-7. IPv6 Req
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
3. Post Test. An IA Assessment Draf
Page 121 and 122:
7. System Under Test (SUT) Test Pro
Page 123 and 124:
Table E-9. TCP Sweep Test Procedure
Page 125 and 126:
Table E-12. Service Enumeration Tes
Page 127 and 128:
types of applications they are desi
Page 129 and 130:
(SQL) injection through web interfa
Page 131 and 132:
• Use TCP fragments in reverse or
Page 133 and 134:
Locater (URL) encoding string, sess
Page 135 and 136:
Figure E-8. Function Keys (3) Captu
Page 137 and 138:
1. Level 1 - T1/E1 Signal, Sync AIS
Page 139 and 140:
(d) Add additional Information Elem
Page 141 and 142:
(10) Key - F10 - Help. See Figure E
Page 143 and 144:
Figure E-21. Configuration Level 3
Page 145 and 146:
Figure E-25. Configure Level 1 (3)
Page 147 and 148:
f. SS7 Examples (1) SS7 Network Exa
Page 149 and 150:
APPENDIX F DOD INFORMATION ASSURANC
Page 151 and 152:
The DIP should contain the followin
Page 153 and 154:
APPENDIX G REFERENCES Department of
Page 155 and 156:
Napier, Michael JITC Action Officer
show all

DEFENSE SWITCHED NETWORK INFORMATION ASSURANCE ...

Create successful ePaper yourself

Delete template?

Save as template?