IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks

S 5.62 Suitable logical segmentation

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

With the help of appropriate network components, it is possible to segment a network logically even if a fixed physical segmentation is already in effect. This can be achieved using switches which operate on layers 2 and 3 of the OSI model. As these switches recognise the protocols used on layers 2 and 3, virtual LANs (VLANs) can be formed by controlling the data flow between the switch ports. This makes it possible to create network groups which are not mapped as such by the physical segmentation. In particular, this allows quick and dynamic formation and rearrangement of groups without any modifications to the physical layout of the network. As in the case of physical segmentation on layers 2 and 3, criteria concerning confidentiality, availability and integrity are also to be applied here. The criteria for suitable logical segmentation are applied in the same way as the criteria for physical segmentation.

The following illustration shows one possibility of forming a VLAN with the help of several layer-3 switches. The physical links between the stations and the switches are represented by the connecting lines. Logical segmentation is performed through grouping into VLANs using switches.

IT Baseline Protection Manual: October 2000

Figure 1: Formation of VLANs using several switches (figure labels: VLAN 1, VLAN 2, VLAN 3)

If the VLAN structure shown in Figure 1 were to be achieved by means of a conventional physical segmentation, the layout shown in Figure 2 would be the result. The individual LANs can be mapped here by means of shared Ethernet segments, for example, and linked together with a bridge.
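As an added example that is not part of the manual, the following Python model of a Figure 1 style topology constructs three switches, their access-port VLAN assignments and the trunk links between them (all switch, station and VLAN names are assumed). It shows that layer-2 reachability follows VLAN membership and trunk carriage rather than physical switch location, and includes the kind of check an administrator would run against the confidentiality criterion: that no VLAN mixes stations with different protection requirements.

```python
from collections import deque
# Constructed topology modelled on Figure 1 (assumed names, not from the manual):
# access ports map station -> VLAN id; trunks carry only the listed VLAN ids.
ACCESS_PORTS = {  # switch -> {station: vlan_id}
    "SW1": {"pc1": 1, "pc2": 2, "srv1": 3},
    "SW2": {"pc3": 1, "pc4": 3},
    "SW3": {"pc5": 2, "pc6": 1, "srv2": 3},
}
TRUNKS = {  # physical link -> VLAN ids allowed on it
    frozenset({"SW1", "SW2"}): {1, 2, 3},
    frozenset({"SW2", "SW3"}): {2, 3},  # VLAN 1 deliberately not carried
}

def locate(station):
    """Return (switch, vlan) of the access port a station is plugged into."""
    for switch, ports in ACCESS_PORTS.items():
        if station in ports:
            return switch, ports[station]
    raise KeyError(station)

def switches_reachable(start, vlan):
    """Switches reachable from `start` over trunks that carry `vlan`."""
    seen, queue = {start}, deque([start])
    while queue:
        current = queue.popleft()
        for link, vlans in TRUNKS.items():
            if current in link and vlan in vlans:
                (other,) = link - {current}
                if other not in seen:
                    seen.add(other); queue.append(other)
    return seen

def same_broadcast_domain(a, b):
    """Layer-2 reachability: same VLAN and a trunk path carrying that VLAN.
    Sharing a physical switch is neither necessary nor sufficient."""
    switch_a, vlan_a = locate(a)
    switch_b, vlan_b = locate(b)
    return vlan_a == vlan_b and switch_b in switches_reachable(switch_a, vlan_a)

def logical_segments():
    """Stations grouped by VLAN id, i.e. the groups Figure 1 forms."""
    groups = {}
    for ports in ACCESS_PORTS.values():
        for station, vlan in ports.items():
            groups.setdefault(vlan, set()).add(station)
    return groups

def mixed_vlans(protection):
    """VLAN ids that mix stations of different protection requirements;
    `protection` maps station -> class, unlisted stations count as 'normal'."""
    return sorted(vlan for vlan, members in logical_segments().items()
                  if len({protection.get(s, "normal") for s in members}) > 1)
```

Note that pc6 is configured into VLAN 1 on SW3 but cannot reach pc1, because the SW2-SW3 trunk does not carry VLAN 1; VLAN membership alone does not define the logical segment.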
