19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation Remarks

The illustration shows functional units, some of which can be joined together to form one unit (see Fig. 2), although this gives rise to additional security problems. The otherwise secure application gateway can, for example, be open to attack after it assumes the functions of the external DNS server if the DNS software contains an error.

Configuration of information servers<br />

Information servers which provide information to external users must be outside the firewall and be considered in the same way as other servers in the external network. Management of these servers should be carried out either locally or via special time-limited access from the protected network. The data should be stored on write-protected data media.

If some data should be available only to users of the network to be protected, it is sensible to use further information servers in the internal screened sub-net (see Fig. 1). These data are then not accessible from outside and are protected against internal attacks by the packet filter.
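The following added example (not part of the manual) audits a packet-filter rule set against the two information-server safeguards above: management of the external information server only through time-limited access from the protected network, and no access to the internal information server from outside. The zone names, the `ssh` management service, the four-hour limit and the sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Zone, host and service names are assumptions chosen for this example.
MGMT_SERVICES = {"ssh"}
MAX_WINDOW = timedelta(hours=4)  # assumed upper bound for "time-limited"

@dataclass(frozen=True)
class Rule:
    src: str       # zone the connection originates from
    dst: str       # destination server
    service: str
    action: str    # "allow" or "deny"
    not_after: Optional[datetime] = None  # expiry of a temporary rule

def audit(rules, now):
    """Return (rule index, finding) for each allow rule that breaks a safeguard."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if r.dst == "internal-info" and r.src != "protected":
            findings.append((i, "internal info server reachable from outside"))
        if r.dst == "external-info" and r.service in MGMT_SERVICES:
            if r.src != "protected":
                findings.append((i, "management not from protected network"))
            elif r.not_after is None:
                findings.append((i, "management access has no time limit"))
            elif r.not_after <= now:
                findings.append((i, "management window expired, rule still present"))
            elif r.not_after - now > MAX_WINDOW:
                findings.append((i, "management window longer than allowed"))
    return findings

# Constructed sample rule set, not taken from the manual.
NOW = datetime(2000, 10, 1, 12, 0)
SAMPLE = [
    Rule("insecure", "external-info", "http", "allow"),
    Rule("protected", "external-info", "ssh", "allow", NOW + timedelta(hours=1)),
    Rule("protected", "external-info", "ssh", "allow"),
    Rule("insecure", "internal-info", "http", "allow"),
    Rule("insecure", "external-info", "ssh", "allow"),
    Rule("protected", "internal-info", "http", "allow"),
    Rule("protected", "external-info", "ssh", "allow", NOW - timedelta(hours=2)),
]

if __name__ == "__main__":
    for idx, msg in audit(SAMPLE, NOW):
        print(f"rule {idx}: {msg}")
```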

[Figure 2, diagram not reproduced. Labelled units: net to be protected; internal DNS server (labelled twice); packet filter (twice); application gateway; external mail server & external DNS server; info server; insecure network.]

Figure 2: Screened sub-net with application gateway on a separate router interface.

IT-Baseline Protection Manual: October 2000

The illustration shows functional units, some of which can be joined together to form one unit. This is shown by the external mail and DNS server.

Configuration of the mail servers<br />

A mail server within the protected network is used to manage the alias database (which transforms user addresses into a unified format), to run a POP daemon, or to act as a gateway for the connection to another mail system (e.g. X.400). All internal mail is sent to this server and then passed on to the outside via an external mail server.

The external mail server in the external screened sub-net creates the connection with external computers and accepts the mail from here so that the
