
DMZ Design Review Guidelines

DMZ Architecture
For
Company
Prepared By
Scott Hogg
Date

December 3, 2001
Distribution List
Name | Title/Duties | Company
Revision History
Version | Date | Author | Comments
1.0 | 11/13/2001 | Scott Hogg | Initial Draft
1.1 | 11/12/2001 | Scott Hogg | Preliminary Review/Format
1.2 | 11/26/2001 | Scott Hogg | Review Changes
2.0 | 11/27/2001 | Scott Hogg | Final Draft
2.1 | 12/3/2001 | Scott Hogg | Final Document
TABLE OF CONTENTS
1.0 Introduction
2.0 Security Lifecycle Methodology
3.0 DMZ Design Review Guidelines
3.1 Definitions
3.2 Controlled Path and Facilities
3.3 Network Trust Relationships
3.4 DMZ Policy
3.5 Secure Internet Services
3.6 Authentication
3.7 Encryption Technologies
3.8 Documentation
3.9 Revision Control
3.10 DMZ Host Hardening
3.11 Server Type Categories
3.12 Firewall Configuration Guidelines
3.13 DMZ Administration
3.14 Physical Firewall Security
3.15 Firewall Logging & Incident Handling
3.16 Upgrading the Firewall
3.17 Intranet Firewalls
3.18 User Guidelines
3.19 Database System Security
3.20 Partner Networks
3.21 Intrusion Detection
3.22 Exceptions to the DMZ Design Review
3.23 Document Historical Design Decisions
1.0 Introduction
This document details the guidelines for making decisions regarding DMZ architecture designs. These guidelines are intended for use by a Security Design Review Board (SDRB) to evaluate the security of new designs and ensure that they are consistent with the target DMZ architecture. These guidelines should be considered by those making decisions to permit implementations of equipment and systems into a DMZ architecture.
When these guidelines are met, a design is approved to proceed through to implementation. The group championing the design will then take the implementation plans up in front of a change control approval board. The guidelines in this document are intended to feed into these existing processes.
Below is a list of these review boards and what their focus is.
Technology:
Enterprise Network Technology Advisory Group (ENTAG):
This organization is a high-level technology review board. This group evaluates technologies for their use with the other Information Technology (IT) systems the corporation already has in place. This group considers architecture and the strategic aspects of IT.
Design/Architecture:
External Architecture Design Review Board (EADRB):
This group approves designs that are related to the external networks and DMZs. This is a change board for new projects that are intending to move/add/change systems touching external connectivity to the whole company. Their focus includes the operational evaluation of new systems and how they affect the security perimeter of the corporation.
Internal Architecture Design Review Board (IADRB):
This group performs the same function as the EADRB, but is focused on the internal IT systems of the company.
Security Design Review Board (SDRB):
This organization is a design review board that is focused on security-related projects and designs. This group will evaluate the security of new designs and make sure all new systems meet the security guidelines detailed in this document.
Implementation:
Change Control/Approval Board:
This group approves any implementation moves/adds/changes that will take place on any IT systems, internal or external, throughout the entire company.
2.0 Security Lifecycle Methodology
This section of the document details the philosophies and approaches that will be used when considering the network and systems security for the company.
The security process is a circular process, embodying perpetual vigilance and reassessment of the conditions under which it must perform. Below is a table of the key phases of the security process and a picture that illustrates the state transition diagram for these phases.
Phase | Description
Prediction | Assessing the paths and vulnerabilities that potential attackers will traverse
Discovery | Turning the predictions into known facts about the network through auditing
Prevention | Removing or limiting vulnerabilities and placing safeguards around these
Detection | Monitoring and analysis for undesirable events
Response | Contingencies, policies, and procedures for reacting to an incident in progress
Recovery | Proper procedures for recovery and retrieval after a security incident
[Figure: state transition diagram cycling through Prediction, Discovery, Prevention, Detection, Response and Recovery]
This lifecycle exists both at a macro level and a micro level. At the macro level, the company is currently in the Prediction and Detection stages of its security deployment. At the micro level, the network security personnel within the company go through this lifecycle several times each day.
There are many philosophies of security. Here are some of the assumptions that are made by successful network security practitioners.
Always assume that the enemy is better equipped, has more time, and is smarter than you are.
If one assumes that they are smarter or more creative than their attacker, one is setting themselves up for failure. An attacker is more likely to take apart the lock than to mount a brute force attack of making lots of keys and trying them all one by one.
Assume that the network audit systems won't detect a crafty intruder.
Attackers with lots of time can sneak attacks "under the radar" by slowly and methodically discovering and taking the systems apart.
Assume all traffic has been sniffed.
It is very easy to intercept network traffic, so if one follows this rule and uses encryption, they have little to worry about.
Assume all pieces of software have at least one undocumented vulnerability that the attacker knows.
If the security professional has properly created small zones of control, then they have minimized and limited the extent of an attack.
Assume every system will be compromised.
If one starts with this assumption, then one can work on minimizing the downed system's effect and not "put all their eggs in one basket".
Assume all authentication systems can be bypassed.
It is prudent to create a plan for adequate fail-over of all systems.
There are many other security practices that are beneficial to follow. Another way of looking at the situation is illustrated in the following table.
Security Strategies | Description
Least privilege | Only the privileges needed are granted and no more
Defense in depth | Use multiple security mechanisms that back up each other
Choke point | Define a narrow channel you can monitor and control
Weakest link | A chain is only as strong as its weakest link
Fail-safe stance | Should fail in such a way that it denies access to an attacker
Universal participation | All must participate in the security strategy
Diversity of defense | Get additional security from using a number of different types of systems
Simplicity | Don't make it more complicated than it needs to be
Security through obscurity | No excuse for a lack of security
It is easy to make a very strong security system and essentially block out even the legitimate users of a system. You can make a system so impenetrable that not even the management systems can monitor it or maintain it. It must be mentioned that security systems should be balanced against functionality and manageability.
There are several system and network design practices that are important to use in designing a secure environment. These principles are:
1. Principle of Least Privilege - a user or system should be provided with the minimum set of access privileges required to work effectively and efficiently.
2. Open Design - the system or network should be designed so that if a component is changed in one system the security level does not change and does not impact communications with other systems across networks.
3. Failure Operations - the systems should be designed so that if components or software fail, the security safeguards are not compromised. Further, if remote restart is used the system should return to the proper secure configuration and not to a vendor-supplied default configuration.
4. Keep the design simple - Simpler designs are easier to install and maintain, and that includes the security components of a design.
5. Efficient, easy-to-use user interface - If the security safeguards place a burden upon the users, the users will try to circumvent the security safeguards.
6. Consistent security safeguards - the security safeguards must be consistent during times of full operation, degraded operations, and failure.
If the company implements their security systems with the above-mentioned ideas, then the systems will be strong enough to repel or discourage most attackers.
3.0 DMZ Design Review Guidelines
This is the main section of this document; it details the guidelines that will assist a Security Design Review Board (SDRB). These guidelines will assist in making sound decisions when considering the security of moves/adds/changes to designs and make sure they are consistent with the DMZ architecture.
3.1 Definitions
The term "Intranet" is used to refer to all interior networks that are physically controlled by the company and populated either by the company employees and servers, or authorized employees or servers belonging to contractors. Although the company Intranet is distributed across multiple sites, these sites are physically secure, making it relatively easy to maintain network security.
The term "extranet" refers to connectivity between the company Intranet and systems that are located outside of the company's facilities. This includes services such as employee remote access, E-Banking, and third party connectivity, and the demand for such services is constantly growing. Because the "external" systems are not under the direct control of the company, a variety of sophisticated security policies, technologies, and processes are necessary to provide both safe and efficient extranet access. This chapter introduces the components used to build a secure Internet infrastructure, followed by a description of the company's Standard Access Infrastructure and the relevant policies.
Internal network | Network where there is a unique accountability for all network and security management. The responsible organization has to be part of a company business unit.
External network | Any network from the view of a particular internal network.
Trusted external network | External network that shares the same security level (i.e. guaranteed by a mutual set of directives or a signed contract, which forces the business partner to apply the same security principles) with an internal network. From the view of a particular internal network any other internal network is considered as a trusted external network.
Untrusted external network | External network that shares an undefined relationship with a particular internal network regarding security guarantees.
Anonymous relation | Non-authenticated connection from an untrusted external network.
Untrusted relation | Authenticated connection from an untrusted external network.
Trusted relation | Authenticated connection from a trusted external network.
Firewall system | A set of components which protects a network against malicious attacks from external networks. As a rule it consists of routing facilities and one or more application gateways.
Demilitarised zone (DMZ) | Part of the firewall system. A separate network shielded from both the internal and the external network.
Untrusted relations firewall system | Firewall system on the boundary to an untrusted external network.
Trusted relations firewall system | Firewall system on the boundary to a trusted external network.
Virtual private network (VPN) | A virtual subnetwork where some controls ensure confidentiality and that only the network nodes within the VPN can communicate with each other.
Secure communication channel | Connection between client and server which is secured according to standardized communication security specifications (e.g. SSL).
Enforced path | Controlled route from the user terminal to the computer service.
Trust level | Defined, agreed and documented level of security guarantees.
Strong authentication process | Authentication procedure which includes some kind of key holding token in addition to a personal identification number and a password.
Entry server | A highly secure application level proxy gateway in the DMZ which performs some added security functions (e.g. authentication and session control).
3.2 Controlled Path and Facilities
Consideration should be given by the SDRB to security designs and the path the data is flowing. Some assurance is given to the security of the system if the company controls the entire end-to-end path of the data. That is, if the company controls the facilities, buildings, the WAN circuits, the network elements, and the end hosts, then there is confidence that they control all systems and the systems all fall under the corporate security guidelines. It is only when these company IT facilities interface with an external organization that extra care needs to be given to the security.
Another point to consider is where the connections originate and terminate. There is an important distinction made between connections that originate from inside the company and go external versus connections that originate externally.
A connection is permitted if it originated from within the company and goes externally to the Internet and adheres to the security policies of the corporation.
If a connection originates externally and terminates on a company facility then security measures should be in place to enforce the corporate security policy.
3.3 Network Trust Relationships
Each of the different types of company networks has a different level of "trust". For example, the trust of the Internet is far different than the trust level of the company intranet. Therefore, at each of these trust boundaries there must be sufficient security protection mechanisms to ensure that the security policies are enforced. These boundaries are sometimes referred to as "zones of control".
Because the company has a business need to communicate between these different networks we must allow trust relationships to form between these networks. In order to prevent these trust relationships from being exploited the SDRB must make sure that the security architecture is appropriate for the threats that exist.
Trusted networks are networks that share an agreed upon set of common security services. Untrusted networks are those that do not implement such sets of common security controls, or where the level of security is unknown or unpredictable. Virtual Private Networks allow a trusted network to communicate with another trusted network over untrusted networks such as the Internet. This section defines the company's guidelines in the event that business needs force temporary connections with business partners or remote sites that involve the use of untrusted networks.
All connections from the company network to external networks must be approved by the SDRB.
All connections to approved external networks must pass through company approved firewalls.
All connections and accounts related to external network connections should be periodically reviewed, and shall be deleted as soon as they are no longer required. The reviews should be no longer than 6 months apart.
Any connection between firewalls over public networks shall use encrypted VPNs to ensure the privacy and integrity of the data passing over the public network.
All VPN connections shall be approved by the SDRB.
Appropriate means for distributing and maintaining encryption keys shall be established prior to operational use of VPNs.
3.4 DMZ Policy
The company has connected the internal private LAN to the Internet so that users can have convenient access to Internet services. Since the Internet is an untrusted network, this connectivity places our private systems at risk of misuse and attack. A firewall is a safeguard used to control access between a trusted network and a less trusted one. Therefore, the company uses a firewall to separate these networks of different trust levels.
The firewall is configured to deny all services not expressly permitted and is regularly audited and monitored to detect intrusions or misuse.
All users who require access to Internet services must do so by using company approved software and Internet gateways.
Users must not circumvent the firewall by using modems or network tunneling software to connect to the Internet. If outsiders or remote users can access the internal networks without going through the firewall, its effectiveness is diluted.
Some protocols have been blocked or redirected. If you have a business need for a particular protocol, you must raise the issue with your manager and the company Network Services Manager. The Network Services Manager has the authority to permit firewall access to new services, but must mitigate the risk associated with permitting all Internet services.
The firewall shall block all protocol types that are known to present security threats to the firewall's connected networks.
3.5 Secure Internet Services
Because network security can't replace data security we must make sure that the data being exchanged between company systems, the DMZs, and the Internet is secured. Therefore it is useful to create a list of network services/applications that are permitted to exist and document those that are forbidden from running on the DMZ.
It is a good idea to create a set of common applications that are permitted to run on DMZs. This will help to create a simpler design that is more manageable and more deterministic. If the company can fit their solutions under a smaller set of common applications and move toward that model, the overall security of the DMZs will improve. Furthermore, using firewalls that support object oriented configuration makes management of the rule-bases simpler. However, the company has standardized on the Cisco PIX firewalls and they don't support this style of configuration. Cisco Policy Manager should be used to help manage the PIX configurations. It has capabilities to group and comment the rule-base and make the configuration more manageable.
The first priority is to prevent any internal data from appearing within a DMZ that does not belong there. Likewise, assurance must also be provided so that no unauthorized Intranet data is requested from the DMZ. Finally, the DMZ configuration also reduces the potential for unauthorized internal access or modifications to systems.
All DMZ firewalls must be configured to disallow all connections, other than those that are specifically required.
Here is a list of applications that aren't suitable in a DMZ. These services are normally blocked.
Finger displays information about a user on a specific system running the finger service.
rlogin, rexec, and rsh, ports 513, 512, and 514, can allow unauthorized access to hosts if improperly configured.
X Window, OpenWindows, ports 6000+ and port 2000 can allow intruders to see all keyboard and screen traffic and even capture control. As described above, configuring a firewall to allow the X11 protocol can potentially allow an unauthorized connection, so no direct use of X11 is allowed. It is possible to configure SSH to support X11 traffic. If SSH (or any other authenticated protocol) is used to administer DMZ systems, those administrators may optionally use that same protocol as a tunnel for X11.
Remote Procedure Call (RPC), port 111, services including NIS and NFS can be used to capture passwords and to read and write to files.
TFTP, port 69, can be used to read files if the system is incorrectly configured.
Interactive Protocols: Telnet, FTP, SSH, SCP
Unfortunately, "interactive" protocols (telnet, etc.) cannot be completely prohibited because servers must be administered. Whenever possible, administrative connectivity should be strongly authenticated (the use of SSH and SCP is strongly recommended).
Administrative protocol access must only be allowed from the designated administrative networks.
Firewalls must be configured to prevent the initialization of administrative protocols from inside the DMZ.
Management Protocols: SNMP, system backup
Non-interactive management protocols must be controlled in a similar fashion:
SNMP is only allowed between the DMZ and the administration network containing management workstations.
Only incoming SNMP queries are allowed.
The protocol used for system backups is only allowed between the DMZ and the network exclusively used for system backup.
Application Protocols: HTTP, HTTPS, IIOP, SQL*Net
Several different protocols are suitable for data communication between tier processors. HTTP and HTTPS are used between the browser and the entry server, so they are not normally used between DMZs or between the DMZ and Intranet. IIOP is used to support CORBA and can be used in conjunction with SSL to provide security services.
Only the specific protocols that are needed should be allowed.
Different application protocols must be used on each side of a DMZ (to prevent attackers from using a DMZ as a gateway).
Proprietary protocols must be evaluated and approved before use.
Below is a list of other services that are less dangerous but may be restricted for other reasons as follows.
NNTP, port 119, for Internet Network News
(The following standards for NNTP are only applicable to untrusted relations firewall systems).
Propagation of NNTP through the firewall systems must be prevented.
NNTP servers, where installed, must be placed within the DMZ.
The list of included newsgroups must be documented and approved by the corporation's security compliance officer.
Access to the news server must be in harmony with the regulations defined in the company Internet Security Policy.
FTP, ports 20 and 21, must be restricted to certain hosts
(The following standards for FTP are only applicable to untrusted relations firewall systems).
Incoming file transfers should be treated as external connections and need approval.
Incoming anonymous file transfer is not permitted.
The FTP configuration must implement suitable measures for protecting data channels.
Outgoing file transfers (to an external server) are to be handled in accordance with the relevant company Internet Security Policy.
HTTP, port 80, World Wide Web
Web enabled applications are favourable as a standardized set of permitted applications to run within DMZs.
(The following standards for HTTP are only applicable to untrusted relations firewall systems).
Port 80 must be blocked against external access unless explicitly defined to go through a firewall to a DMZ-hosted web server.
Alternative ports such as 8080 must be protected against external access.
All HTTP servers that can be accessed externally must be in a DMZ.
Outgoing WWW traffic must be directed via a firewall or proxy server.
SSL version 3 should be used whenever possible to protect the session between the customer's Web browser and the Web and extranet application servers with encryption, before user authentication or transport of confidential data begins.
The rules of the company Internet Security Policy apply when accessing internal objects.
TELNET, port 23, is often restricted to certain hosts
Telnet must be explicitly permitted in a firewall between hosts.
Telnet should be disabled on hosts that have external connectivity.
All systems on the DMZ that need telnet connectivity should use SSH instead.
If telnet is permitted then administrators cannot log on remotely as "root".
When Telnet is accepted all users should have strong passwords.
SMTP, port 25, is usually restricted to e-mail servers
The set of destination addresses for incoming emails must be limited to registered internal email addresses (prevention of Mail Relay).
Internal host names and IP addresses are classified as "internal". Therefore headers of outgoing emails must not contain any names or addresses (e.g. Mail Drop Addresses) other than the official Internet Address of the sender. This applies also to error messages sent back to an external sender.
The message transfer agent must be secure (e.g. sendmail with latest security modifications).
Externally accessed systems running sendmail should have the latest patches applied and a current release of the sendmail software.
Sendmail processes should also be chrooted so they don't run as the root user.
Routing protocols: RIP, IGRP, EIGRP, OSPF, BGP
Routing protocols should not be run on hosts within the DMZ or elsewhere in the company architecture.
RIP, port 520, may be restricted because it can be spoofed to redirect routing.
Where routing protocols are required then a routing protocol that supports route authentication should be enabled. MD5 route authentication is preferred.
DNS, port 53, can also be spoofed to obtain names and IP addresses of hosts
(The following DNS standards are only applicable to untrusted relations firewall systems).
Internal host names and IP addresses are classified as "internal" and must not be visible externally.
Queries to non-existent host names must be logged and rejected.
The external DNS entries are limited to servers externally accessible.
No queries may be forwarded to internal DNS services from external DNS services.
The internal DNS service must not manage external addresses.
Zone transfers should not be permitted on external DMZ hosts to other Internet DMZ servers.
DNS queries (UDP port 53) will be explicitly permitted from the source address to the destination address.
UDP protocols are difficult to filter in a stateful way because UDP lacks the connection-oriented state of TCP. Therefore it is difficult to determine who initiated the connection.
3.6 Authentication
Authentication is used to verify the identity of a user. Authentication is based on one or more factors:
Something-you-know: The user proves knowledge of a password or PIN.
Something-you-have: The user has possession of a physical device, such as a building access badge.
Something-you-are: The user has a unique physical identifier, such as their voice or a fingerprint.
On its own any authentication factor could be considered insufficient to prove a user's identity. When two factors are combined, the authentication is considered to be a stronger form of authentication.
There are two feasible ways for the company to achieve secure authentication for their e-Business infrastructure: Token-based Authentication and SSLv3 Client Digital Certificate Authentication. These methods should be used when possible to authenticate users who are interacting with services on the DMZ.
3.7 Encryption Technologies
Encryption technologies like IPSec are standardized, mature, and well supported. These encryption and VPN technologies should be leveraged whenever possible to make sure that electronic eavesdropping cannot occur. To ensure privacy and integrity, encryption technology should be used when any company confidential information travels over an untrusted network such as the Internet.
When encrypting data, both the lifetime and sensitivity of the data should be considered.
The longer the lifetime or higher the sensitivity of the data, the stronger the encryption should be.
When transporting more sensitive data, keys should be rotated more frequently.
Keep in mind, encryption alone does not provide assurance that data has not been modified. Data should be digitally signed to ensure that the contents are intact.
Encryption strength degrades over time, as CPU power increases. Key lengths and encryption schemes should be reviewed periodically to assess appropriateness.
The company should standardize on the use of IPSec technologies rather than competing technologies like L2TP or PPTP. IPSec is an Internet standard rather than a vendor proprietary technology. It offers authentication for the header as well as encryption for the payload of the packets. The company should also avoid any IPSec implementations that are actually proprietary.
Client extranet sessions must be encrypted using the Secure Socket Layer Protocol version 3 (SSL v3) to provide an end-to-end encrypted tunnel from the client to the extranet application server.
All confidential client traffic must be transported using SSL v3 encryption. Any e-Business application server that is sending SSL traffic must have a server certificate issued by a certificate authority.
Encryption should be used to protect confidential client information at all transit points.
Once an SSL session has started, other protocols (e.g., HTTP, FTP) can be layered on top of it transparently. The SSL handshake authenticates the server. An optional client authentication is available in SSL version 3. When a client requests a secure connection, the server responds by sending its digital certificate, which includes its public key. The client then generates a master symmetric encryption key, which is encrypted with the server's public key and sent back. The client and server have now agreed on a shared symmetric encryption method in full privacy. For additional security, client side authentication can be activated. The server sends a challenge to the client, which must then authenticate itself to the server via its digital certificate.
12
DMZ Design Review Guidelines
".1 Docu2ent(tion
(e com)any m#!t f#lly %oc#ment te D+, arcitect#re an% ow it i! %e)loye%. It i!
critical to %oc#ment te content! of eac of te !#5net! wit a %ifferent tr#!t level tan te
cor)orate intranet. Ho!tname< IP< !y!tem owner< o)eration! contact< !ervice! te !y!tem
r#n!< an% te firewall r#le?!et! nee% to 5e f#lly %oc#mente%.
If a firewall administrator resigns or is otherwise unavailable, an experienced individual must be able to read the documentation and rapidly pick up administrative duties for the firewall. Appropriate firewall documentation shall be maintained on off-line storage at all times. Such information includes, but is not limited to, the network diagram, IP addresses of all network devices, IP addresses of relevant hosts of the Internet Service Provider (ISP) such as external news servers, routers, and DNS servers, and configuration parameters such as packet filter rules, expressly permitted services, and proxy services. Such documentation shall be updated any time the firewall configuration is changed.
The operational procedures for the firewall and its configurable parameters shall be well documented, updated, and kept in a safe and secure place.
3.9 Revision Control
Full revision control needs to be implemented on all firewalls, Internet routers, and Ethernet switches within the DMZ. Any time a change takes place it needs to be logged and that current configuration needs to be archived. If a change was made without proper approval then it must be documented that someone did not follow internal process and procedures. CiscoWorks provides some of this functionality by TFTPing the configuration back to the server after each configuration change.
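As an added illustration of the revision-control step just described (this code is not from the original document and is not CiscoWorks functionality), the following Python script archives a configuration fetched after a change, records a unified diff against the last approved copy, and flags the change when its hash is not on the list of approved configurations, so that an unapproved change is documented automatically. The IOS-style configuration texts and the approved-hash set are constructed sample data.

```python
import difflib
import hashlib
from datetime import datetime, timezone

# Constructed sample: the last approved configuration and the running
# configuration fetched (e.g. by TFTP) after a change. Hypothetical IOS-style text.
APPROVED_CONFIG = """\
hostname dmz-fw1
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
access-list 101 permit tcp any host 192.0.2.10 eq 443
"""

RUNNING_CONFIG = APPROVED_CONFIG + "access-list 101 permit tcp any host 192.0.2.11 eq 23\n"


def config_hash(text):
    """Fingerprint of a configuration; approvals are recorded against this value."""
    return hashlib.sha256(text.encode()).hexdigest()


# Configurations approved through change management, keyed by hash (constructed).
APPROVED_HASHES = {config_hash(APPROVED_CONFIG)}


def config_diff(old, new):
    """Unified diff lines between two configuration texts (empty when identical)."""
    return list(difflib.unified_diff(old.splitlines(), new.splitlines(),
                                     fromfile="archived", tofile="running", lineterm=""))


def record_change(archive, old, new, approved_hashes, when=None):
    """Archive `new` and return a change-log entry.

    `archive` is a list standing in for the off-line configuration archive.
    The entry is marked approved only if the new configuration's hash is on
    the approved list; otherwise the change is documented as unapproved."""
    when = when or datetime.now(timezone.utc).isoformat()
    digest = config_hash(new)
    changed = [line for line in config_diff(old, new)
               if line[:1] in "+-" and not line.startswith(("+++", "---"))]
    archive.append({"sha256": digest, "config": new, "time": when})
    return {"time": when, "sha256": digest, "changed_lines": changed,
            "approved": digest in approved_hashes}


if __name__ == "__main__":
    archive = []
    entry = record_change(archive, APPROVED_CONFIG, RUNNING_CONFIG, APPROVED_HASHES)
    print("approved" if entry["approved"] else "UNAPPROVED change:", entry["changed_lines"])
```

The archive list would be replaced by write-once storage in practice; the point is that every fetched configuration is kept and every unapproved difference is written down with its hash and time.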
".10 DM# 4o$t 4(rdening
The company needs to make sure each application owner has hardened their systems through a periodic audit. This should not be left up to the server builder who created the system and loaded the OS. The application owner is ultimately responsible for the welfare of their system and its security.
Here are some guidelines to help ensure that this is being done. The configuration of the firewall operating system must satisfy the following requirements in addition to the relevant base security standard (e.g. UNIX or NT):
Packet forwarding must be switched off
Remote access to the host may only be permitted from specific internal hosts and requires strong authentication
Turn off listening ports that aren't needed on DMZ servers
Apply all current vendor patches and harden the system
Each administrator must be identified with a personal user ID
All unnecessary services must be switched off
CIFS/NIS must not be used
The Berkeley r protocols must be blocked
NFS must not be used
Neither compilers nor debuggers may be installed
All changes must be documented
It must be ensured that vendor security patches are installed
Regular integrity checks (at least once a day) must be carried out
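To show how the checklist above can be turned into a periodic audit rather than a one-time build step, here is an added Python example (not part of the original guidelines). It parses /proc/net/tcp for listening TCP ports, compares them with a per-host allowed list, checks net.ipv4.ip_forward, and looks for compilers and debuggers on the PATH. The /proc/net/tcp excerpt, the allowed-port baseline and the port-to-service table are constructed for the illustration; audit_local_host() gathers the same inputs from a real Linux host.

```python
import shutil

# Constructed /proc/net/tcp excerpt: sshd (22) and portmapper (111) are listening,
# plus one established connection that must not be reported as a listener.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 0000000000000000 100 0 0 10 0
   1: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1235 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 1236 1 0000000000000000 100 0 0 10 0
"""

# Ports the hardening list says must not be in use (assumed service mapping).
FORBIDDEN_PORTS = {111: "portmapper (NFS/NIS)", 2049: "NFS", 139: "CIFS/NetBIOS",
                   445: "CIFS", 512: "rexec", 513: "rlogin", 514: "rsh"}
DEV_TOOLS = ["gcc", "cc", "gdb", "make"]   # compilers and debuggers that may not be installed


def listening_ports(proc_net_tcp_text):
    """Return the set of TCP ports in LISTEN state (st == 0A) from /proc/net/tcp text."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local_addr, state = fields[1], fields[3]
        if state == "0A":
            ports.add(int(local_addr.rsplit(":", 1)[1], 16))   # port is hex after the colon
    return ports


def audit_host(listen_ports, allowed_ports, ip_forward, tools_present):
    """Compare gathered facts with the checklist and return a list of findings."""
    findings = []
    if ip_forward != "0":
        findings.append("packet forwarding enabled (net.ipv4.ip_forward=%s)" % ip_forward)
    for port in sorted(set(listen_ports) - set(allowed_ports)):
        findings.append("port %d listening: %s" % (port, FORBIDDEN_PORTS.get(port, "unexpected listener")))
    for tool in tools_present:
        findings.append("development tool installed: %s" % tool)
    return findings


def audit_local_host(allowed_ports):
    """Gather the same inputs from the running Linux host (needs /proc)."""
    with open("/proc/net/tcp") as f:
        ports = listening_ports(f.read())
    with open("/proc/sys/net/ipv4/ip_forward") as f:
        ip_forward = f.read().strip()
    tools = [t for t in DEV_TOOLS if shutil.which(t)]
    return audit_host(ports, allowed_ports, ip_forward, tools)


if __name__ == "__main__":
    for finding in audit_local_host(allowed_ports={22}):
        print(finding)
```

Running this from cron and diffing the output against the previous run gives the application owner the daily evidence the guideline asks for; IPv6 listeners would need the same parse applied to /proc/net/tcp6.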
".11 Ser%er y+e C(tegorie$
The company should create categories of server types within the DMZ. These categories can then be standardized upon, and standards can be created based on the function and architecture of the types of systems.
Here is an example of some types of server categories:
Web server with static content
Web server with supporting database (local and remote database)
Other server supporting another type of service
By standardizing on a set of common server types, rule-bases can be created that are easily tailored to these systems. Furthermore, the security of these types of systems can be standardized and controlled with the firewall rule-sets.
3.12 Firewall Configuration Guidelines
Firewall systems consist of the actual firewalls, and the workstations used to maintain them. The company should adhere to the generalized firewall policy that is listed below.
The firewall shall be configured to deny all services not expressly permitted.
Rule-sets should be configured with maximum granularity of the source/destination IP address, port, and which side initiated the connection
Firewalls should fail in a “closed” state so that when they fail they do not forward any packets whatsoever
All firewalls should use stateful inspection
The details of the company internal trusted network should not be visible from outside the firewall.
Private nets should be invisible
No routing between the Internet and Intranet should be possible
Firewalls will not run any routing protocol on themselves
Firewalls should also be configured to filter packets originating from incorrect IP addresses as seen by that specific firewall interface. Anti-spoofing rules will be configured both inbound and outbound on all interfaces.
Internal addresses cannot be known externally
Network Address Translation (NAT) will be employed, where practicable.
All connection attempts that do not meet defined policy must be blocked
The firewall shall reject any kind of probing or scanning tool that is directed to it so that information being protected is not leaked out by the firewall.
The operating system error mode must be set in such a manner that packets cannot pass through if the firewall software crashes
The firewall software must be started before the interfaces
Apart from the administrators no user is permitted to access the firewall computer
Maintaining Security Posture
Security administrators must subscribe to the bug/vulnerability lists appropriate to the systems they are responsible for
All updates or reconfigurations recommended by the firewall vendor (or other recognised authority) must be submitted to an evaluation process, and applied immediately when it is determined that the firewall would otherwise be at risk
All border devices must be under common management
All multi-homed devices connected to networks at different security levels are considered security devices, and must be under control of the same administrative authority (the most common example of this would be a VPN router installed in parallel to a firewall, see below, VPN Configuration Choices).
Operating System Configuration
No services may be running that are not directly related to the firewall service (i.e., no DNS or sendmail)
UDP - state timer < 1 minute before the state expires
The Firewall Configuration Management Process must be used
Configuration and control of the packet filters must be undertaken internally and must only be possible from an internal interface.
All privileged ports, with the exception of explicitly required ports, must be closed.
All incoming traffic to non-privileged ports, except for acknowledgement packets, must be rejected.
External packets with an internal source IP address must be identified and rejected. An attacker alarm must be triggered.
Internal packets with an external source address must be identified and rejected. An attacker alarm must be triggered.
A configuration change must be checked for integrity prior to commissioning using the appropriate tools.
Events that can be identified as security-relevant must be reported back to the management workstation alerting system.
The firewall shall be configured to implement transparency for all outbound services.
Unless approved by the Network Services Manager, all permitted in-bound services shall be passed first to the perimeter network.
The firewall shall act as a forwarder of Internet packets, and not as a router. The firewall shall not be configured to route any traffic between the external interface and the internal network interface, since this could bypass security controls.
All external to internal connections shall be directed to the perimeter network for connections not established by internal users on outbound connections.
When an in-bound Internet service not supported by a proxy is required to pass through the firewall, the firewall administrator shall define the configuration or plug that will allow the required service. If a proxy becomes available from the firewall vendor, the plug must be disabled and the proxy made operative.
3.13 DMZ Administration
One of the items that the Design Review Board (DRB) groups focus on is the operational aspect of new designs. Is the proposed design being reviewed supportable and operationally sound? Systems that are deployed on the DMZs must be able to be maintained. There is a fine balance between making systems that are too secure and are not easily managed or making the security weak but very easily managed.
The types of traffic that are necessary to manage the systems within the company DMZs are:
Ping/Traceroute:
Ping and traceroute are useful to quickly determine if a host or system is up and operating correctly on the network; however, ICMP can be used in various forms of attacks.
Ping and traceroute should only be permitted where necessary - permit only (echo-request and echo-reply) ICMP packet types
Ping should be blocked coming from the Internet to any DMZ systems, including the firewalls, routers, and Ethernet switches
If ICMP is required to administer the firewall, then a rule must be configured to limit access only to IP addresses from Admin-Net
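To make the deny-by-default, anti-spoofing and ICMP guidance of the firewall configuration guidelines and of the Ping/Traceroute rules above concrete, here is an added Python model of the filter decision (example code, not the company's rule-base and not any vendor's implementation). The interface prefixes, the firewall's own addresses and the permit rules are hypothetical; Admin-Net is modelled as the “admin” interface, and a spoofed source is reported as the reason that would raise the attacker alarm.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical addressing plan (assumption for the example). Each interface lists
# the prefixes that may legitimately appear as a source on it; "outside" accepts
# anything that is not one of the internal prefixes.
INTERFACES = {
    "dmz":    [ipaddress.ip_network("192.0.2.0/24")],
    "inside": [ipaddress.ip_network("10.0.0.0/8")],
    "admin":  [ipaddress.ip_network("10.99.0.0/24")],   # Admin-Net
}
INTERNAL_PREFIXES = [net for nets in INTERFACES.values() for net in nets]
# Addresses owned by the firewall itself (hypothetical).
FIREWALL_ADDRS = {ipaddress.ip_address(a) for a in ("203.0.113.1", "192.0.2.1", "10.0.0.1")}

# Explicit permits: (ingress interface, protocol, destination prefix, destination port).
# Anything not matched is denied: deny all services not expressly permitted.
PERMITS = [
    ("outside", "tcp", ipaddress.ip_network("192.0.2.10/32"), 443),   # public web server
    ("inside",  "tcp", ipaddress.ip_network("192.0.2.0/24"), 80),     # intranet users to DMZ web
]


@dataclass
class Packet:
    iface: str            # interface the packet arrived on
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: int = 0
    icmp_type: int = -1   # 8 = echo-request, 0 = echo-reply


def is_spoofed(pkt):
    """Inbound anti-spoofing check for the ingress interface."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "outside":
        # external packet carrying an internal source address
        return any(src in net for net in INTERNAL_PREFIXES)
    # internal interface: the source must belong to that interface's own prefixes
    return not any(src in net for net in INTERFACES[pkt.iface])


def filter_packet(pkt):
    """Return (verdict, reason); reason "spoof-alarm" is what triggers the attacker alarm."""
    if is_spoofed(pkt):
        return ("deny", "spoof-alarm")
    dst = ipaddress.ip_address(pkt.dst)
    if pkt.proto == "icmp":
        if pkt.icmp_type not in (0, 8):            # only echo-request / echo-reply
            return ("deny", "icmp-type")
        if dst in FIREWALL_ADDRS:                   # ICMP to the firewall: Admin-Net only
            return ("permit", "admin-icmp") if pkt.iface == "admin" else ("deny", "icmp-to-firewall")
        if pkt.iface == "outside":                  # no ping from the Internet into the DMZ
            return ("deny", "no-ping-from-internet")
        return ("permit", "icmp-echo")
    for iface, proto, dnet, dport in PERMITS:
        if pkt.iface == iface and pkt.proto == proto and dst in dnet and pkt.dport == dport:
            return ("permit", "rule")
    return ("deny", "default")


if __name__ == "__main__":
    for p in (Packet("outside", "10.1.2.3", "192.0.2.10", "tcp", 443),
              Packet("outside", "198.51.100.7", "192.0.2.10", "tcp", 443),
              Packet("admin", "10.99.0.5", "192.0.2.1", "icmp", icmp_type=8)):
        print(p.iface, p.src, "->", p.dst, filter_packet(p))
```

Stateful inspection is deliberately left out of the model; a real rule-base would additionally tie echo-replies and return traffic to the connection that initiated them.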
SNMP:
SNMP is needed to help maintain the performance of systems on the DMZs. SNMP systems can also send traps to alert Network Management Systems (NMSs) that there is a problem that requires attention. However, there are weaknesses in SNMP version 1, including that the community strings are carried in the clear. Since later versions of SNMP might not be supported on all the equipment in the DMZ, controls on the use of SNMP are needed.
SNMP may be enabled on systems, but with only a “Read-Only” community string capability
SNMP “Read-write” capability should be strictly forbidden on all systems, hosts, routers, switches, and firewalls.
This section also details firewall administration and management. Two firewall administrators, one primary and one secondary, shall be designated by the Chief Information Security Officer (CISO) and shall be responsible for the upkeep of the firewall. The primary administrator shall make changes to the firewall and the secondary shall do so only in the absence of the former so that there is no simultaneous or contradictory access to the firewall.
Only the designated firewall administrators shall be given user accounts on the firewall. Any modification of the firewall system software must be done by the firewall administrator or backup administrator and requires approval of the Network Services Manager.
Each firewall administrator shall provide their home phone number, pager number, cellular phone number and other numbers or codes by which they can be contacted when support is required.
Individuals assigned the task of firewall administration must have hands-on experience with networking concepts, design, and implementation so that the firewall is configured correctly and administered properly. Firewall administrators shall receive periodic training on the firewalls in use and in network security principles and practices.
Firewall Management Workstation
Must be located on Admin-Net
Must be dedicated to management of security devices
May never be used for office automation tasks (word processing, email, surfing)
May never be used for development work
All systems used for maintaining or administering the firewall or which have privileged access to the firewall must be documented
The preferred method for firewall administration is directly from the console port of the attached terminal.
Remote administrative firewall connections originating from within the company network are permitted provided that session encryption is used for these connections. Otherwise, there should be no remote configuration of the firewalls over an untrusted network.
In no case shall remote access to the firewall be supported over untrusted networks; i.e. the Internet.
Security and Performance Alerts
Must appear on management workstation in both audio and visual form
Must be monitored by security or operations staff 24x7
All suspicious events must be investigated
Logs must be reviewed periodically
Firewall configuration must be backed up
Backups must be stored in a secure facility
The firewall must be backed up after every configuration change so that data and configuration files can be recovered in the event of system failure. Two copies of the current company production firewall configuration shall be maintained for the purpose of restoring functionality after a system failure.
Two copies of any firewall configuration used in the company production environment shall be safely stored for a period of at least thirty days after institution of a new configuration.
Backup files shall be stored securely on read-only media so that data in storage is not over-written inadvertently.
Backup files shall be locked up so that the media is only accessible to the appropriate personnel.
Backups should be created after every configuration change or upgrade
The firewall architecture and rules must be documented
The firewall architecture has to be approved by the Information Security Officer
Security-relevant changes must be presented to the Information Security Officer for approval.
Configuration information, valid connection authorizations and the incident response concept must be available and open to inspection by the Information Security Officer at any time.
Periodic security checks must be organized by the Information Security Officer.
Access to the firewalls for administration purposes requires strong authentication and must be made from defined workstations.
The information transmitted between the administration console and firewall is classified as confidential.
The change management procedures must be established and documented.
Firewalls must be physically protected. Only firewall administrators and system managers may have access to the firewalls and their administration consoles. An access concept must be defined, documented and maintained.
All firewall installations must be checked regularly for conformity to the Internet Security Policy.
The firewall shall be regularly audited and monitored to detect intrusions or misuse.
The firewall shall provide detailed audit logs of all sessions so that these logs can be reviewed for any anomalies.
3.14 Physical Firewall Security
Physical access to the firewall must be tightly controlled to preclude any unauthorized changes to the firewall configuration or operational status, and to eliminate any potential for monitoring firewall activity. In addition, precautions should be taken to assure that proper environment alarms and backup systems are available to assure the firewall remains online.
The company firewall shall be located in a controlled environment, with access limited to the Network Services Manager, the firewall administrator, and the backup firewall administrator.
The room in which the firewall is to be physically located must be equipped with heat, air-conditioner, and smoke alarms to assure the proper working order of the room. The placement and recharge status of the fire extinguishers shall be checked on a regular basis. Uninterruptible power service shall be provided to the firewall.
Make sure that the LAN equipment is in a locked closet and the door remains locked
Document all wiring
Disconnect unused connections
Use uninterruptible power and power conditioners to protect sensitive resources. This provides the equipment with a continuous power source, with noise-free electricity.
Make sure that equipment is grounded properly
Design cable layout to use different risers to give redundant cables a physically diverse path.
3.15 Firewall Logging & Incident Handling
Incident reporting is the process whereby certain anomalies are reported or logged on the firewall. A policy is required to determine what type of report to log and what to do with the generated log report. This should be consistent with Incident Handling policies.
The firewall shall be configured to log reports on daily, weekly, and monthly bases so that the network activity can be analyzed when needed. The Network Services Manager shall determine the relevant logs and reports to be maintained.
Firewall logs shall be examined on at least a weekly basis to determine if attacks have been attempted.
Security alarms convey varying levels of urgency. The firewall administrator shall be notified at any time of urgent security alarms, as deemed by the Network Services Manager, by telephone, pager, or other out-of-band means so that the administrator may immediately respond to such alarms. Less urgent alarms can be conveyed via e-mail.
If it is necessary to bring down the firewall, Internet service shall be disabled. After being reconfigured, the firewall must be brought back into an operational and reliable state. Internal systems shall not be connected to the Internet until firewall functionality is restored.
In case of a firewall break-in, the firewall administrator is responsible for reconfiguring the firewall to address the vulnerability that was exploited.
The company should develop an automated log compression and backup mechanism. This is usually a shell script that executes from nightly cron jobs. In addition to daily system backups, archive to tape any logs older than one week, keep 5 days of compressed logs on the system, and leave the current and previous day's logs uncompressed.
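The nightly rotation just described, written as an added example (not from the original document) in Python rather than the shell script the text mentions, so that the age logic can be exercised against constructed file timestamps. The archive directory stands in for the tape; the day boundaries (uncompressed up to 2 days, archived from 7 days) are the text's numbers, and the sample log files are constructed by make_sample_logs().

```python
import gzip
import os
import shutil
import tempfile
import time

DAY = 86400


def compress(path):
    """gzip a log in place, preserving its mtime so later runs still see its true age."""
    mtime = os.path.getmtime(path)
    gz_path = path + ".gz"
    with open(path, "rb") as src, gzip.open(gz_path, "wb") as dst:
        shutil.copyfileobj(src, dst)
    os.remove(path)
    os.utime(gz_path, (mtime, mtime))
    return gz_path


def rotate_logs(log_dir, archive_dir, now=None, uncompressed_days=2, archive_after_days=7):
    """Apply the retention rule to *.log / *.log.gz files in log_dir.

    Today's and yesterday's logs stay uncompressed, older logs are gzip-compressed
    in place, and logs at least archive_after_days old are moved (compressed) to
    archive_dir, the stand-in for the tape archive. Returns what was done."""
    now = time.time() if now is None else now
    os.makedirs(archive_dir, exist_ok=True)
    report = {"kept": [], "compressed": [], "archived": []}
    for name in sorted(os.listdir(log_dir)):
        path = os.path.join(log_dir, name)
        if not os.path.isfile(path) or not name.endswith((".log", ".log.gz")):
            continue
        age_days = (now - os.path.getmtime(path)) / DAY
        if age_days >= archive_after_days:
            gz_path = path if path.endswith(".gz") else compress(path)
            dest = os.path.join(archive_dir, os.path.basename(gz_path))
            shutil.move(gz_path, dest)
            report["archived"].append(os.path.basename(dest))
        elif age_days >= uncompressed_days and not path.endswith(".gz"):
            report["compressed"].append(os.path.basename(compress(path)))
        else:
            report["kept"].append(name)   # current/previous day, or already compressed
    return report


def make_sample_logs(log_dir, now):
    """Constructed sample: one firewall log per day for the last 10 days."""
    os.makedirs(log_dir, exist_ok=True)
    for age in range(10):
        path = os.path.join(log_dir, "fw-%02d.log" % age)
        with open(path, "w") as f:
            f.write("constructed log, %d day(s) old\n" % age)
        os.utime(path, (now - age * DAY, now - age * DAY))


def run_demo():
    """Build the sample in a temporary directory, rotate once, return the outcome."""
    base = tempfile.mkdtemp(prefix="fwlogs-")
    log_dir, archive_dir = os.path.join(base, "logs"), os.path.join(base, "archive")
    now = 1_700_000_000.0   # fixed "tonight" so ages are deterministic
    make_sample_logs(log_dir, now)
    report = rotate_logs(log_dir, archive_dir, now=now)
    report["log_dir_after"] = sorted(os.listdir(log_dir))
    report["archive_after"] = sorted(os.listdir(archive_dir))
    shutil.rmtree(base)
    return report


if __name__ == "__main__":
    print(run_demo())
```

Preserving the mtime through compression is what keeps the second night's run consistent; without it every compressed log would look brand new and never reach the archive threshold.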
Logs should be archived to a hardened, non-bastion host
Ensure the logs are written to some tamper-proof media.
Consider filtering out "noise" (i.e. broadcasts, pings, etc.) from the logs, by modifying the firewall rules to not log unnecessary information
Because firewall logs contain such huge amounts of data, it is not practical for an administrator to manually review the files and develop an understanding of what has been happening to the firewall. Software for performing firewall log analysis and reporting is highly recommended. These tools help monitor incoming and outgoing firewall activity, protocol usage, security problems, resource usage, bandwidth consumption, and more.
The firewall logs must be filed for at least 400 days
Logs must be protected from manipulation
They must contain at least the following data:
o Successful and rejected connections to the firewall
o Successful and rejected connections to internal hosts
Connections to external hosts
Multiple, rejected connections to the same host
The extraction of specific information must be possible within reasonable time and effort (possibly with the use of a separate analysis tool).
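An added example (not from the original document) of the kind of extraction the requirements above call for: a parser for a hypothetical firewall syslog line format, followed by two detections, multiple rejected connections to the same host and external packets carrying an internal source address. The log lines, the line format and the internal prefixes are all constructed for the illustration; malformed lines are counted rather than silently dropped, since a log that stops parsing is itself something to investigate.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in a hypothetical format (not any vendor's); the last line is
# deliberately malformed.
SAMPLE_LOG = """\
Dec  3 10:00:01 dmz-fw1 fw: ACCEPT tcp 198.51.100.7:40001 -> 192.0.2.10:443 iface=outside
Dec  3 10:00:02 dmz-fw1 fw: DENY tcp 198.51.100.9:3301 -> 192.0.2.10:21 iface=outside
Dec  3 10:00:02 dmz-fw1 fw: DENY tcp 198.51.100.9:3302 -> 192.0.2.10:22 iface=outside
Dec  3 10:00:03 dmz-fw1 fw: DENY tcp 198.51.100.9:3303 -> 192.0.2.10:23 iface=outside
Dec  3 10:00:03 dmz-fw1 fw: DENY tcp 198.51.100.9:3304 -> 192.0.2.10:25 iface=outside
Dec  3 10:00:05 dmz-fw1 fw: DENY udp 10.0.0.4:5000 -> 192.0.2.11:161 iface=outside
Dec  3 10:00:07 dmz-fw1 fw: ACCEPT tcp 10.5.0.9:51000 -> 192.0.2.10:80 iface=inside
Dec  3 10:00:09 dmz-fw1 fw: DENY tcp 203.0.113.5:1234 -> 192.0.2.12:443 iface=outside
Dec  3 10:00:10 dmz-fw1 fw: garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) fw: (?P<action>ACCEPT|DENY) "
    r"(?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"iface=(?P<iface>\w+)$")

# Prefixes that must never appear as a source on the outside interface (assumed).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]


def parse_log(text):
    """Return (events, malformed_count); each event is a dict of the named fields."""
    events, malformed = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            malformed += 1
            continue
        event = m.groupdict()
        event["sport"], event["dport"] = int(event["sport"]), int(event["dport"])
        events.append(event)
    return events, malformed


def analyze(text, reject_threshold=3):
    """Summarise a log and raise alerts for spoofed sources and repeated rejects."""
    events, malformed = parse_log(text)
    alerts, denied_per_dst = [], defaultdict(list)
    for e in events:
        src = ipaddress.ip_address(e["src"])
        if e["iface"] == "outside" and any(src in net for net in INTERNAL_NETS):
            alerts.append(("spoofed-source", e["src"], e["dst"]))
        if e["action"] == "DENY":
            denied_per_dst[e["dst"]].append(e)
    for dst, evs in denied_per_dst.items():       # multiple rejected connections to one host
        if len(evs) >= reject_threshold:
            sources = sorted({x["src"] for x in evs})
            ports = sorted({x["dport"] for x in evs})
            alerts.append(("repeated-rejects", dst, len(evs), sources, ports))
    return {"events": len(events), "malformed": malformed,
            "denied": sum(1 for e in events if e["action"] == "DENY"), "alerts": alerts}


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG)["alerts"]:
        print(alert)
```

With the firewall's own anti-spoofing rules in place the spoofed-source alert should never fire; seeing it in the log review is therefore a check that the rule-base still does what the policy says.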
The firewall logs are to be mirrored on a separate system as read-only data or must be written on CDs. Access to this data must be limited to the firewall administration and system management.
Firewalls should also log information like which users are connecting to which URLs. The overall need for URL filtering is to achieve efficiency in the use of the Internet for company employees, meaning to make the connectivity available only for business purposes and to block any offensive or unwanted traffic by anybody in the internal network, thus not hogging the bandwidth. URL logging and potentially URL filtering can protect the organization from offensive web sites being viewed with corporate resources.
Entry servers are highly secure reverse proxy systems that are the sole point of contact between the public Internet and internal systems. They serve as the SSL endpoint for Internet e-banking connections. When a bank customer desires access to e-banking services, their web browser creates an SSL session to the entry server. The entry server performs the user authentication, requesting login credentials from the user and verifying them against an internal database. Once the login has been accepted, the entry server performs no additional processing, other than maintaining the external SSL session and proxying it through to the application server.
Because sensitive client information is processed on this server, and because it is accessible from the Internet (using HTTP), it must be as secure as practical. The security standards for an entry server are as follows:
3.16 Upgrading the Firewall
It is often necessary that the firewall software and hardware components be upgraded with the necessary modules to assure optimal firewall performance. The firewall administrator should be aware of any hardware and software bugs, as well as firewall software upgrades that may be issued by the vendor. If an upgrade of any sort is necessary, certain precautions must be taken to continue to maintain a high level of operational security.
The firewall administrator must evaluate each new release of the firewall software to determine if an upgrade is required. All security patches recommended by the firewall vendor should be implemented in a timely manner.
Hardware and software components shall be obtained from a list of vendor-recommended sources. Any firewall-specific upgrades shall be obtained from the vendor. The use of virus-checked media, or FTP to a vendor's site, are appropriate methods of obtaining software updates.
After any upgrade the firewall shall be tested for functionality prior to going operational.
3.17 Intranet Firewalls
For any systems hosting company critical applications, or providing access to sensitive or confidential information, internal firewalls or filtering routers shall be used to provide strong access control, and support for auditing and logging. These controls shall be used to segment the internal company network to support the access policies developed by the designated owners of information.
3.18 User Guidelines
The entire company Firewall policy is not intended for wide dissemination. An attacker can glean considerable information about the security posture of an organization by reading their firewall policy document. Information that should be communicated to the user population should be minimal. An Internet Use Policy is an appropriate document for disseminating this information to the user population.
3.19 Database System Security
The extranet database servers fall into two categories: those that have data that is required for the extranet portal applications to operate, such as the SQL database servers, and those that have data that is delivered to the client as content. The company has many internal databases that contain confidential information. It is recommended that client data be “pushed” from the many company internal databases to one or more data storage servers residing on the extranet database DMZ. The security benefits of pushing the data to the extranet data storage servers are:
The extranet application servers will be accessing a copy of the client's data and not the original source.
Only a subset of the client data residing on the database servers will reside on the extranet database servers.
The extranet application servers will not be accessing data directly from the internal network's database servers. Therefore, if one of the application servers is compromised, the attacker has access only to the company DMZ database servers and not the original source.
When data is pushed to the extranet database DMZ data storage servers, it is essential that only the data that the client needs access to reside on those servers. Whole databases shouldn't be replicated to the extranet data storage servers for convenience or any other purpose. The client data should be stored as read-only data.
The data should be accessed using a high perform
ance database server containing pointers to files on the data storage servers to maintain high-speed data access.
The database server software used should support:
Authentication between the extranet application servers and the database server.
Encryption of traffic between the application server (database client) and the database server.
Encryption of traffic between the database server and the data storage server.
It is recommended that data that will be accessed by the extranet portal application servers be “pushed” to database servers or data storage servers on the database DMZ. Only data that the clients need to access should reside on the database DMZ servers in a read-only mode of access.
The database server should support the security features detailed above.
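An added example (not from the original document) of the “push” model described in this section, using SQLite to stand in for both the internal database and the DMZ copy: only the columns the portal needs are copied, optionally only for selected clients, and the application side opens the copy through a read-only connection so that a compromised application server can neither alter the DMZ data nor reach the confidential columns that were never pushed. The customers table, its rows and the column subset are constructed.

```python
import os
import sqlite3
import tempfile

# The subset of columns the extranet portal actually needs (assumption for the example).
# SSN and statement blobs are deliberately absent and never leave the internal network.
PORTAL_COLUMNS = ("id", "name", "account_no", "balance")


def build_internal_db():
    """Constructed internal database holding confidential columns (in memory)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, account_no TEXT,"
                " ssn TEXT, balance REAL, statement_pdf BLOB)")
    con.executemany("INSERT INTO customers VALUES (?,?,?,?,?,?)", [
        (1, "Alice Example", "ACC-1001", "000-00-0001", 120.50, b"%PDF-stmt-1"),
        (2, "Bob Example", "ACC-1002", "000-00-0002", 99.00, b"%PDF-stmt-2"),
    ])
    con.commit()
    return con


def push_subset(internal, dmz_path, columns=PORTAL_COLUMNS, customer_ids=None):
    """Rebuild the DMZ copy from scratch with only `columns` (and only `customer_ids`
    when given). Column names come from the trusted constant, never from input."""
    cols = ", ".join(columns)
    query, params = "SELECT %s FROM customers" % cols, ()
    if customer_ids is not None:
        query += " WHERE id IN (%s)" % ",".join("?" * len(customer_ids))
        params = tuple(customer_ids)
    rows = internal.execute(query, params).fetchall()
    if os.path.exists(dmz_path):
        os.remove(dmz_path)            # every push replaces the previous copy
    dmz = sqlite3.connect(dmz_path)
    dmz.execute("CREATE TABLE customers (%s)" % cols)
    dmz.executemany("INSERT INTO customers VALUES (%s)" % ",".join("?" * len(columns)), rows)
    dmz.commit()
    dmz.close()
    return len(rows)


def open_read_only(dmz_path):
    """How the application servers open the copy: a read-only URI connection."""
    return sqlite3.connect("file:%s?mode=ro" % dmz_path, uri=True)


def dmz_columns(dmz_path):
    con = open_read_only(dmz_path)
    try:
        return [row[1] for row in con.execute("PRAGMA table_info(customers)")]
    finally:
        con.close()


def write_is_rejected(dmz_path):
    """True when an attempted modification through the read-only connection fails."""
    con = open_read_only(dmz_path)
    try:
        con.execute("UPDATE customers SET balance = 0")
        con.commit()
        return False
    except sqlite3.OperationalError:   # "attempt to write a readonly database"
        return True
    finally:
        con.close()


def run_demo():
    """Push the constructed data into a temporary DMZ file and report what the copy allows."""
    internal = build_internal_db()
    dmz_path = os.path.join(tempfile.mkdtemp(prefix="dmzdb-"), "dmz-copy.db")
    result = {"rows": push_subset(internal, dmz_path),
              "columns": dmz_columns(dmz_path),
              "write_rejected": write_is_rejected(dmz_path)}
    result["rows_one_client"] = push_subset(internal, dmz_path, customer_ids=[2])
    internal.close()
    return result


if __name__ == "__main__":
    print(run_demo())
```

On a production database the same pattern is a scheduled export from the internal side into a DMZ account that holds SELECT privileges only; the direction of the connection (internal pushes out, DMZ never connects in) is what keeps the original source out of reach of the application servers.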

It is imperative that if the extranet portal infrastructure is co-located at a non-company facility, the company investigate the legal ramifications of housing confidential client information offsite and follow the legal guidelines appropriately.
There may be exceptions to these guidelines based on the company's business requirements. The Internet web systems might allow customers to change information about themselves such as the phone number associated with their account. These applications will then need write access to the production internal databases and therefore need to do this in a secure atomic way. There may also be applications that need to allow customers to issue power connect/disconnect orders. These applications will also require write access to some internal databases and workflow software. There will be other applications that will need this type of access to the internal databases. The above guidelines may not apply to some of these applications, but the security of these applications will need to be evaluated on a case-by-case basis by the security DRB.
3.20 Partner Networks
When access is allowed between company networks and an external organization's network, there are certain risks involved. Risks must be identified and minimized to reduce the potential for compromise of sensitive business information or denial of service to the company information resources.
Below is a list of requirements for considering partner network designs:
A signed contract between the two entities that spells out the details of this partner connection should exist prior to connecting the networks. This contract should spell out the terms and conditions and contain a non-disclosure agreement
An SLA that details the expectations up front is needed that shows the demarcation and ownership of the connection and the various network elements making the connection
The incident response procedures for the connection need to be determined and documented
Documentation should exist that shows how this partner connection is designed and implemented
Management and escalation points of contact should be known and documented
The types of traffic being exchanged need to be known. Only those specific traffic flows should be permitted through the use of a network security filtering device. Filters should be created in both directions on both ends of the connection.
3.21 Intrusion Detection
Intrusion Detection involves where and how to monitor for attack signatures, both on the network, and within hosts. Below are some guidelines for Intrusion Detection Systems:
The company should utilize both Host and Network based systems where appropriate
Enable DMZ systems to alert for attacks against themselves
Subdivide traffic in data centers into chunks capable of individual monitoring (<100Mbps)
Consider utilizing network-switching equipment specifically designed to accommodate IDS
Intrusion response policies must exist prior to implementation of an IDS
A central management console should be used to gather alarms from both network-based and host-based IDS
Network-based IDS should be able to inspect traffic flowing in both directions
Alarms should be archived for a period of 1 year
3.22 Exceptions to the DMZ Design Review
In any organization there are always going to be exceptions. Therefore a process should exist that deals with this eventuality. When systems are being proposed for business reasons and are not in compliance with these guidelines for creating and maintaining a secure DMZ architecture, management needs to accept the risk.
In these special cases where exceptions are made, the VP or Senior Executive of the business unit that is requesting the change must sign a risk-acceptance form. This form can be standardized and can be created through arbitration. This risk acceptance form should also contain the business case that is being used to go against the security policy and guidelines. This process can also be used when there is a tiebreaker vote within the SDRB group.
Time limits are also an important component of this process. If a risk-acceptance is granted then an agreed upon time limit should exist to bring the system into compliance. Each time that the SDRB meets the time limits should be reviewed and status should be given on the progress of bringing insecure systems into compliance. If the time limit expires then either
the system must be brought into security compliance or it will require another risk-acceptance form be submitted and signed.
3.23 Document Historical Design Decisions
The SDRB should also keep records about what designs are approved and why they were approved. Documentation of this sort will create a sort of “case history” and set precedent for future decisions to be made. This will keep the integrity of the SDRB and continue to ensure that the DMZ architecture is adhered to even when the people within the SDRB may change.
Appendix A: Acronyms
The acronyms used in this document are defined below for reference.
Acronym  Description
BGP-4  Border Gateway Protocol version 4
CISO  Chief Information Security Officer
CORBA  Common Object Request Broker Architecture
DMZ  Demilitarized Zone
DNS  Domain Name System
DRB  Design Review Board
EADRB  External Architecture Design Review Board
EIGRP  Enhanced Interior Gateway Routing Protocol
ENTAG  Enterprise Network Technology Advisory Group
FTP  File Transfer Protocol
HTTP(s)  HyperText Transfer Protocol (Secure)
IADRB  Internal Architecture Design Review Board
ICMP  Internet Control Message Protocol
IGRP  Interior Gateway Routing Protocol
IIOP  Internet Inter-ORB Protocol
IPSec  Internet Protocol Security
ISP  Internet Service Provider
IT  Information Technology
LAN  Local Area Network
L2TP  Layer 2 Tunneling Protocol
NAT  Network Address Translation
NFS  Network File System
NIS  Network Information Service
NMS  Network Management System
NNTP  Network News Transfer Protocol
OS  Operating System
OSPF  Open Shortest Path First
PPTP  Point-to-Point Tunneling Protocol
RIP  Routing Information Protocol
RPC  Remote Procedure Call
SCP  Secure Copy
SDRB  Security Design Review Board
SMTP  Simple Mail Transfer Protocol
SNMP  Simple Network Management Protocol
SSH  Secure Shell
SSL  Secure Sockets Layer
TFTP  Trivial File Transfer Protocol
UDP  User Datagram Protocol
VPN  Virtual Private Network