19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation

between any two terminal devices. Furthermore, it is necessary to document the configurations of the active network components used for forming the segments. This can involve the configuration files in the case of logical segmentation, and the actual configuration of the network components in the case of physical segmentation.

Survey of the network protocols in use<br />

The network protocols used in the individual segments of a network as well as the configurations required for this purpose (e.g. the MAC addresses, IP addresses and subnet masks for the IP protocol) need to be determined and documented. The documentation should provide details on which services are authorised (e.g. HTTP, SMTP, Telnet), and which services are filtered in accordance with which criteria.

Survey of the LAN / WAN connections

The LAN / WAN connections are to be described, if they have not already been documented. For every LAN / WAN connection between two networks, details must be provided on:

- Which transmission routes are used for this purpose (e.g. wireless communications route for a LAN/LAN link)
- Which communication partners and services are permitted in which directions on such routes
- Who is responsible for their technical implementation.

This should also include a documentation of the WAN protocols in use (e.g. ISDN, X.25). If firewalls are employed (refer to Chapter 7.3 Firewalls), their configuration must also be documented (e.g. filter rules).
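As an added illustration (not part of the manual), the three details required for each LAN / WAN connection can be kept as structured records, checked for completeness, and compared with observed traffic. All connection names, networks, flows and function names below are constructed assumptions.

```python
import ipaddress

REQUIRED = ("route", "permitted", "responsible")  # the three details listed above
# Constructed sample documentation (hypothetical values).
# Each "permitted" entry is (source network, destination network, service).
CONNECTIONS = [
    {
        "name": "office-lan-to-branch",
        "route": "wireless LAN/LAN link",
        "responsible": "network administration",
        "permitted": [
            ("10.1.0.0/16", "10.2.0.0/16", "HTTP"),
            ("10.1.0.0/16", "10.2.0.0/16", "SMTP"),
        ],
    },
    {"name": "wan-x25", "route": "X.25", "permitted": []},  # incomplete record
]

# Constructed observed flows: (source IP, destination IP, service).
FLOWS = [
    ("10.1.4.20", "10.2.0.5", "HTTP"),    # documented
    ("10.2.0.5", "10.1.4.20", "HTTP"),    # reverse direction, not documented
    ("10.1.4.20", "10.2.0.9", "Telnet"),  # service not documented
]

def missing_details(conn):
    """Return the required documentation fields that are absent or empty."""
    return [field for field in REQUIRED if not conn.get(field)]

def is_permitted(flow, connections):
    """True if some documented rule covers this flow in this direction."""
    src, dst, service = flow
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for conn in connections:
        for src_net, dst_net, allowed in conn.get("permitted", []):
            if (service == allowed
                    and src_ip in ipaddress.ip_network(src_net)
                    and dst_ip in ipaddress.ip_network(dst_net)):
                return True
    return False

def undocumented_flows(flows, connections):
    """Observed flows with no matching entry in the documentation."""
    return [f for f in flows if not is_permitted(f, connections)]

if __name__ == "__main__":
    for conn in CONNECTIONS:
        print(conn["name"], "missing:", missing_details(conn))
    for flow in undocumented_flows(FLOWS, CONNECTIONS):
        print("undocumented flow:", flow)
```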

Survey of the actual network performance and traffic flow<br />

The network performance must be measured and the traffic flow between the segments or subnetworks must be analysed. Corresponding measurements need to be performed for each network protocol in use.

Any time the network environment is modified, the above-mentioned surveys are to be repeated. The documentation prepared as part of these surveys must be stored so that it is protected against access by unauthorised parties, but readily available for the security management and administrators.

Additional controls:<br />

- Are performance measurements and traffic-flow analyses conducted regularly?

- Is the documentation updated on a regular basis?<br />

- Is the documentation also clear and understandable for third parties?<br />


IT-Baseline Protection Manual: October 2000
