19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation Remarks

S 2.77 Secure configuration of other components

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: IT Security Management, Administrators

In addition to the installation and operation of the firewall, other components for the communication between the protected and the external network must be correctly configured. These include, for example, information servers for the provision of information to internal or external users, mail servers and DNS servers.

When configuring the components, a distinction should be made as to whether these are to be set up in the protected network, in the screened sub-net or on the external side of the firewall. To allow a clear distinction to be made, the area between the inner packet filter and the application gateway is referred to as the internal screened sub-net, and the area between the application gateway and the external packet filter is referred to as the external screened sub-net.

External Accesses

Other external accesses to the network requiring protection, e.g. with telnet via a modem pool, should be treated as accesses from the insecure network. This can be achieved, for example, by installing a terminal server with connected modems on the external side of the firewall so that access to the internal computer can only be carried out via Telnet. If virtual private networks (VPNs) are in use, it might be advisable to provide the required access via an additional interface on the application gateway.

Clear regulations must be made so that no external accesses can be created bypassing the firewall. These regulations must be made known to all employees. It must be ensured that both the IT Security Management and the firewall Administrator are informed of relevant plans in good time in order to guarantee inclusion in the IT security concept and the firewall security policy.

IT-Baseline Protection Manual: October 2000

Figure 1: Screened sub-net with dual-homed gateway.

[Diagram labels: net to be protected; packet filter; internal mail server; internal info server; internal DNS server; centrally managed; dual-homed application gateway; packet filter; external mail server; external info server; external DNS server; insecure network.]
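The rule that no external access may bypass the firewall can be checked against a network inventory. The following is an added example, not part of the manual: it models the chain of Figure 1 as a link list and reports every entry point that can reach the protected net without crossing one of the three firewall components. The node names, the link lists and the "desk modem" violation are constructed assumptions.

```python
from collections import deque

# Enforcement points named in the text, ordered from outside to inside.
FIREWALL = ("external packet filter", "application gateway", "inner packet filter")

# Constructed link list for the chain in Figure 1 (node names are illustrative).
FIGURE_1 = [
    ("insecure network", "external packet filter"),
    ("external packet filter", "external screened sub-net"),
    ("external screened sub-net", "application gateway"),
    ("application gateway", "internal screened sub-net"),
    ("internal screened sub-net", "inner packet filter"),
    ("inner packet filter", "net to be protected"),
]
# Modem access as the text recommends: terminal server on the external side.
COMPLIANT = FIGURE_1 + [("modem pool", "terminal server"),
                        ("terminal server", "insecure network")]
# Constructed violation: a modem attached directly to an internal workstation.
VIOLATION = COMPLIANT + [("desk modem", "workstation"),
                         ("workstation", "net to be protected")]


def path_avoiding(links, source, target, blocked):
    """Breadth-first search for a path from source to target that skips `blocked`."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    queue, seen = deque([[source]]), {source, blocked}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in sorted(adj.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def find_bypasses(links, entry_points, target="net to be protected"):
    """Map (entry point, skipped firewall component) to a path that avoids it."""
    findings = {}
    for entry in entry_points:
        for component in FIREWALL:
            path = path_avoiding(links, entry, target, component)
            if path:
                findings[(entry, component)] = path
    return findings
```

An empty result means every listed entry point is forced through both packet filters and the application gateway; each finding names the component that the reported path skips.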
