19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation

The following combinations are possible:

[Figure: Configurations 1 to 6. Panel labels: Packet Filter, Application Gateway, insecure network, network to be protected.]

The following is a list of the advantages and disadvantages of the various configurations.

Exclusive use of a Packet Filter

Advantages:

- easy to implement as the functionality is supplied by many routers
- easy to extend for new services

Disadvantages:

- IP spoofing might be possible
- all services to be permitted must be secure on all computers which can be reached
- complex filter rules
- no test possibilities. In particular, it is not possible to determine whether the order of filter rules has been changed, which occurs with some routers in order to increase the data throughput
- sufficient logging is not possible

This configuration can only be used in small networks where all computers are protected against attacks.
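The rule-order problem listed above can be shown offline. The following is an added example, not part of the manual: a first-match filter model that reports the probe packets whose verdict changes when the same rules are evaluated in a different order. The rule set, interface names and addresses are constructed, and it assumes the order actually in effect can be read back from the device.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "permit" or "deny"
    iface: Optional[str]  # arriving interface, None = any
    src: str              # source network in CIDR notation
    dport: Optional[int]  # destination port, None = any

class Packet(NamedTuple):
    iface: str
    src: str
    dport: int

def decide(rules, pkt):
    """First-match evaluation; anything unmatched is denied."""
    for r in rules:
        if r.iface not in (None, pkt.iface):
            continue
        if ip_address(pkt.src) not in ip_network(r.src):
            continue
        if r.dport not in (None, pkt.dport):
            continue
        return r.action
    return "deny"

def order_changes(intended, deployed, probes):
    """Probes whose verdict differs between the two rule orderings."""
    return [p for p in probes if decide(intended, p) != decide(deployed, p)]

# Constructed rule set; 192.0.2.0/24 stands in for the network to be protected.
INTENDED = [
    Rule("deny", "ext", "192.0.2.0/24", None),    # internal source arriving from outside
    Rule("permit", None, "0.0.0.0/0", 25),        # mail from anywhere
    Rule("permit", "int", "192.0.2.0/24", None),  # outbound traffic from inside
]
# The same three rules in a different order (constructed reordering).
REORDERED = [INTENDED[1], INTENDED[0], INTENDED[2]]

# Constructed probe packets covering each rule and the default deny.
PROBES = [
    Packet("ext", "192.0.2.10", 25),    # claims an internal address from outside
    Packet("ext", "198.51.100.7", 25),  # ordinary external mail
    Packet("ext", "198.51.100.7", 23),  # unmatched service from outside
    Packet("int", "192.0.2.10", 80),    # internal host going out
]

if __name__ == "__main__":
    for p in order_changes(INTENDED, REORDERED, PROBES):
        print("verdict changed:", p, decide(INTENDED, p), "->", decide(REORDERED, p))
```

Only the packet with the forged internal source changes verdict here, which is why a reordering can go unnoticed when ordinary traffic is the only thing checked.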

Dual-homed Gateway

Advantages:

- extensive logging possible
- internal network structure is concealed

Disadvantages:

- relatively high price (as a powerful computer with two network interfaces is required)
- problems with new services
- take-over of the application gateway by the attacker leads to total loss of security

Additional protection can be obtained by using a packet filter in front of the gateway, e.g. using an existing router. In this case, both the router and the gateway must be penetrated in order to gain access to the network.

Screened Sub-net

Advantages:

- no direct access to the gateway possible (with configurations 1 and 2)
- internal network structure is concealed

IT-Baseline Protection Manual: October 2000
