IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue: Deliberate Acts

T 3.29 Lack of, or unsuitable, segmentation

Local networks can be segmented physically by active network components (bridges, switches or routers), or logically by means of an appropriate VLAN configuration. The IT systems connected to the network are then distributed among several segments. This not only improves load sharing within the network, but also simplifies administration.

However, the following specific threats can arise here:

- Loss of availability

The more IT systems there are within a layer-2 segment, the higher the network load in that segment. This can severely impair the availability of the segment or lead to an overload or a breakdown. With CSMA/CD-based access protocols (e.g. Ethernet on a shared medium) it also causes more frequent collisions, which further reduce the available bandwidth. Segmentation can also be unsuitable in the opposite sense: if IT systems that exchange large amounts of data with each other are placed in different segments separated by layer-2 or layer-3 components, all of that traffic has to cross the connecting component.

- Insufficient protection of confidentiality

To protect confidential data, the number of users with access to it should be kept to a minimum. Since every IT system in a shared-medium segment or broadcast domain can potentially observe the frames transmitted in it, broadcast domains should be kept as small as possible. If the segments have been configured inadequately, unauthorised users may be able to read confidential data while it is in transit.

Examples:

- Two IT systems that exchange large amounts of data are separated by a router. This may be unsuitable segmentation, because all of the data has to be forwarded through the router, which is relatively slow compared with communication inside a single segment.

- Two IT systems that frequently exchange passwords and other sensitive information are separated by a bridge. Since the bridge forwards their traffic, it can be monitored in both segments. Confining the traffic between the two IT systems to a single segment would protect the confidentiality of the data better.
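The two examples above can be made concrete with a small topology model. The following Python block is an added illustration and is not code from the IT Baseline Protection Manual; the topology (segments "lab", "office" and "dmz", the host names, and the bridge and router links) is constructed for this example. It assumes shared-medium (hub, CSMA/CD) segments, so every host on a segment can observe every frame sent on it; on a learning switch only flooded frames (broadcasts, unknown unicast) would be visible in the same way. The model answers both questions the threat raises: which hosts can observe a given unicast flow (confidentiality), and how many hosts share a broadcast domain (load and availability).

```python
from collections import deque


class Network:
    """Toy LAN model (constructed example, not from the manual).

    Assumptions: each segment is a shared-medium collision domain; a bridge
    forwards unicast frames between its two segments (so a cross-bridge flow is
    visible in both) and floods broadcasts; a router forwards unicast as well
    but stops broadcasts.
    """

    def __init__(self):
        self.segments = {}   # segment name -> set of host names
        self.links = []      # (segment_a, segment_b, kind), kind is "bridge" or "router"

    def add_segment(self, name, hosts):
        self.segments[name] = set(hosts)

    def connect(self, a, b, kind):
        if kind not in ("bridge", "router"):
            raise ValueError("kind must be 'bridge' or 'router'")
        self.links.append((a, b, kind))

    def segment_of(self, host):
        for name, hosts in self.segments.items():
            if host in hosts:
                return name
        raise KeyError(host)

    def _neighbours(self, seg, kinds):
        for a, b, kind in self.links:
            if kind in kinds:
                if a == seg:
                    yield b
                elif b == seg:
                    yield a

    def _reach(self, start, kinds):
        """BFS over segments using only links of the given kinds; returns parent map."""
        parents = {start: None}
        queue = deque([start])
        while queue:
            seg = queue.popleft()
            for nxt in self._neighbours(seg, kinds):
                if nxt not in parents:
                    parents[nxt] = seg
                    queue.append(nxt)
        return parents

    def path(self, src, dst):
        """Segments a unicast flow from src to dst traverses, or None if unreachable."""
        start, goal = self.segment_of(src), self.segment_of(dst)
        parents = self._reach(start, ("bridge", "router"))
        if goal not in parents:
            return None
        route, seg = [], goal
        while seg is not None:
            route.append(seg)
            seg = parents[seg]
        return route[::-1]

    def observers(self, src, dst):
        """Hosts other than the endpoints that can see the frames of the src->dst flow."""
        route = self.path(src, dst)
        if route is None:
            return set()
        seen = set().union(*(self.segments[s] for s in route))
        return seen - {src, dst}

    def broadcast_domain(self, host):
        """Hosts that receive a layer-2 broadcast sent by host (routers stop it)."""
        parents = self._reach(self.segment_of(host), ("bridge",))
        return set().union(*(self.segments[s] for s in parents))


def example_network():
    """Constructed topology: lab and office are bridged, the dmz sits behind a router."""
    net = Network()
    net.add_segment("lab", ["srv1", "ws1", "ws2"])
    net.add_segment("office", ["ws3", "ws4"])
    net.add_segment("dmz", ["srv2"])
    net.connect("lab", "office", "bridge")   # one broadcast domain spanning both
    net.connect("office", "dmz", "router")   # broadcasts stop here
    return net


if __name__ == "__main__":
    net = example_network()
    print(sorted(net.observers("srv1", "ws1")))    # ['ws2']: same segment, still seen by the peer
    print(sorted(net.observers("srv1", "ws3")))    # ['ws1', 'ws2', 'ws4']: bridge exposes both segments
    print(sorted(net.broadcast_domain("srv1")))    # lab + office hosts: the bridge widens the domain
    print(sorted(net.broadcast_domain("srv2")))    # ['srv2']: the router isolates the dmz
```

Running the block shows the manual's second example directly: a flow between srv1 and ws3 across the bridge is observable by the remaining hosts in both the lab and the office segment, whereas a flow kept inside the lab segment is visible only to the lab's own hosts. The broadcast-domain query shows the availability side: bridging lab and office makes every host in both segments share one broadcast domain, while the routed dmz stays on its own.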

IT Baseline Protection Manual: October 2000
