tailieunhanh - computer network internet security phần 6

Cuối cùng, có phải là một hệ thống vững chắc của việc thực thi, cả hai hệ thống và các cấp hành chính. An ninh tốt không phải là một lớp duy nhất của bảo vệ. Nó bao gồm các chính sách thích hợp, tiêu chuẩn và thực hành, kiến trúc đầy đủ, kiểm tra tuân thủ và kiểm toán, | Real Audio n n n n There is currently no business requirement for supporting streaming audio sessions through the ORGANIZATION firewall. Any business units requiring such support should contact the Network Services Manager. Lp y n n n Inbound lp services are to be disabled at the ORGANIZATION firewall finger y n n n Inbound finger services are to be disabled at the ORGANIZATION firewall gopher y n n n Inbound gopher services are to be disabled at the ORGANIZATION firewall whois y n n n Inbound whois services are to be disabled at the ORGANIZATION firewall SQL y n n n Connections from external hosts to internal databases must be approved by the Network Services Manager and used approved SQL proxy services. Rsh y n n n Inbound rsh services are to be disabled at the ORGANIZATION firewall Other such as NFS n n n n Access to any other service not mentioned above shall be denied in both direction so that only Internet services we have the need for and we know about are allowed and all others are denied. An organization may wish to support some services without using strong authentication. For example an anonymous FTP server may be used to allow all external users to download open information. In this case such services should be hosted outside the firewall or on a service network not connected to corporate networks that contain sensitive data. The table that follows summarizes a method of describing such policy for a service such as FTP. 152 Table 1 - Summarized Security Policy Policy NonAnonymous FTP service Anonymo us fTp service Put server machine outside the firewall N Y Put server machine on the service network N Y Put server machine on protected network Y N Put server machine on the firewall itself N N Server will be accessed by everyone on the Internet N Y Client and Server Security in Enterprise Networks Historical Configuration of Dedicated Firewall Products In today s network security firewall marketplace the most common firewall configuration is

TỪ KHÓA LIÊN QUAN