IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation

S 2.76 Selection and implementation of suitable filter rules

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

Establishing and updating filter rules for a firewall is not a simple matter. The administrator must have an in-depth knowledge of the protocols used and be trained accordingly.

When establishing the filter rules, the following points should be observed:

- The rules should be formulated in such a way that all accesses which are not explicitly allowed are forbidden.
- If user-specific authentication is required, it must be clarified which users are in the inner network, which services they may use and which authentication processes are to be used.
- All computers in the inner network must be taken into consideration.
- It must be determined which services are to be available at what times. If an organisation has fixed working times and employees are only present between 7 am and 7 pm, for example, no connection should be established outside the usual working times.

The filter rules should be summarised in a table, with one axis representing the destination computer addresses, and the other axis the source computer addresses. The entries contain the permissible port numbers, the top one being the source port, the lower the destination port. Packet filters can check the packets immediately after receipt or before rerouting them. Here, filtering should be performed for the packets entering the packet filter. Furthermore, the packet filter should be configured in such a way that only the addresses of the computers connected to the interface are permitted as the sender address. Addresses connected with other interfaces are not permitted. This reduces the threat of IP spoofing attacks.

Example:

The following table contains filter rules for the internal interface of a packet filter between an internal network and a screened sub-net, i.e. a sub-network located between the internal and the external network which monitors the connections between them (see Fig. 1 in S 2.77 Secure Configuration of Other Components).

The entries contain the permissible connections, the upper entry being the source port, the lower being the destination port.
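The following is an added example, not part of the manual, showing how the points above (default deny, a source/destination table with upper source-port and lower destination-port entries, ingress filtering with sender addresses restricted to the interface's own network, and a working-hours window) combine into one packet decision. Network addresses, interface names and the permitted services are constructed assumptions.

```python
import ipaddress
from datetime import time

# Constructed example: the filter's "int" interface faces the internal network,
# its "dmz" interface faces the screened sub-net (addresses are assumptions).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")
SCREENED_NET = ipaddress.ip_network("192.0.2.0/24")

# Anti-spoofing: the only sender addresses accepted on each ingress interface.
INTERFACE_NETS = {"int": INTERNAL_NET, "dmz": SCREENED_NET}

# Filter table indexed by (source network, destination network). Each entry is a
# permitted (source port range, destination port range) pair, i.e. the upper and
# lower port entries of the manual's table. Anything not listed is denied.
RULES = {
    (INTERNAL_NET, SCREENED_NET): [((1024, 65535), (25, 25)),   # SMTP to relay
                                   ((1024, 65535), (80, 80))],  # HTTP to proxy
    (SCREENED_NET, INTERNAL_NET): [((25, 25), (1024, 65535))],  # SMTP replies
}

# Connections are only permitted during the fixed working hours (7 am to 7 pm).
WORK_START, WORK_END = time(7, 0), time(19, 0)


def filter_packet(iface, src_ip, src_port, dst_ip, dst_port, at):
    """Decide on a packet as it enters the filter on interface `iface` at "HH:MM".

    Returns (allowed, reason). Checks run in order: the sender must belong to the
    network attached to the ingress interface, the packet must arrive within
    working hours, and the address/port tuple must appear in the rule table;
    anything else falls through to the default-deny policy.
    """
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if iface not in INTERFACE_NETS or src not in INTERFACE_NETS[iface]:
        return False, "sender address not valid for ingress interface (spoofing)"
    if not WORK_START <= time.fromisoformat(at) < WORK_END:
        return False, "outside working hours"
    for (snet, dnet), port_pairs in RULES.items():
        if src in snet and dst in dnet:
            for (s_lo, s_hi), (d_lo, d_hi) in port_pairs:
                if s_lo <= src_port <= s_hi and d_lo <= dst_port <= d_hi:
                    return True, "matched rule %s -> %s" % (snet, dnet)
    return False, "no matching rule (default deny)"


if __name__ == "__main__":
    print(filter_packet("int", "10.0.0.5", 3000, "192.0.2.10", 25, "09:00"))
    print(filter_packet("int", "192.0.2.5", 3000, "10.0.0.5", 25, "09:00"))
```

The order of the checks matters: a spoofed sender is rejected before any table lookup, so a permitted service cannot be reached from an address that does not belong on that interface.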

IT Baseline Protection Manual: October 2000
