19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation

S 2.72 Requirements on a firewall

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: IT Security Management, Administrators

Before purchasing a firewall, the following points should be taken into consideration:

- It must be possible to conceal the structure of the network requiring protection (computer number, name and mail addresses) so that no conclusions can be drawn regarding the internal network structure and the internal users. This can be achieved by using an application gateway, for example, and two DNS servers.

- The firewall should be able to protect certain computers against attacks without these computers having to be in the network requiring protection. No user-specific filter rules have to be established for these computers. These can be, for example, information servers connected to a dedicated interface of a packet filter or the application gateway (multi-homed gateway) (see also S 2.77 Secure Configuration of Other Components).

- The components must be centrally administered via a trustworthy path (e.g. via a separate network or an encrypted connection) and they must be understandable (e.g. via a graphic interface on a separate computer). Administration should be performed on a separate computer, i.e. the required management platform should be on a separate computer so that no complex and thus error-prone software, such as X-Windows, has to be on the firewall.

- A firewall configuration which consists of at least two separate units is recommended. The units must be arranged one after the other so that both units must be passed for a connection between the two networks. The units should work with different operating systems and different formats for the description of filter rules.

  The two units can, for example, be a packet filter and an application gateway. This ensures that errors made during the administration of a component can be intercepted by the other correctly configured component.
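An added illustration of the two-unit arrangement above (not part of the manual): a Python model of a packet filter and an application gateway in series, each with its own rule format. The rule sets, addresses and sample flows are constructed assumptions; the report lists flows that only one of the two units would pass, which is where an administration error in one unit is being intercepted by the other.

```python
from ipaddress import ip_address, ip_network

# Constructed rule sets (assumptions, not from the manual), in two different formats.
# Unit 1, packet filter: ordered first-match rules (action, source, destination, port).
PACKET_FILTER = [
    ("permit", "0.0.0.0/0", "192.0.2.10/32", 25),  # mail to the gateway's mail proxy
    ("permit", "0.0.0.0/0", "192.0.2.0/24", 23),   # administration error: telnet to all hosts
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),      # default deny, None matches any port
]
# Unit 2, application gateway: proxied port -> hosts the proxy will connect to.
GATEWAY_PROXIES = {25: {"192.0.2.10"}, 80: {"192.0.2.20"}}

# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.10", 25),
    ("198.51.100.7", "192.0.2.30", 23),
    ("198.51.100.7", "192.0.2.20", 80),
    ("198.51.100.7", "192.0.2.30", 443),
]

def packet_filter_allows(src, dst, port, rules=PACKET_FILTER):
    """First matching rule decides; no match means deny."""
    for action, src_net, dst_net, rule_port in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and rule_port in (None, port)):
            return action == "permit"
    return False

def gateway_allows(dst, port, proxies=GATEWAY_PROXIES):
    """The gateway only relays services it runs a proxy for."""
    return dst in proxies.get(port, set())

def connection_allowed(src, dst, port):
    """Units are arranged one after the other: both must pass the connection."""
    return packet_filter_allows(src, dst, port) and gateway_allows(dst, port)

def single_barrier_flows(flows):
    """Flows passed by exactly one unit, with the name of the unit that passes them."""
    findings = []
    for src, dst, port in flows:
        pf, gw = packet_filter_allows(src, dst, port), gateway_allows(dst, port)
        if pf != gw:
            findings.append((src, dst, port, "packet filter" if pf else "gateway"))
    return findings

if __name__ == "__main__":
    for finding in single_barrier_flows(SAMPLE_FLOWS):
        print("passed only by the %s: %s -> %s port %d" % (finding[3], *finding[:3]))
```

The telnet flow is stopped only by the gateway, so the report points the administrator at the packet filter rule that needs correcting.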

IT-Baseline Protection Manual: October 2000
