ImageVerifierCode 换一换
格式:PDF , 页数:54 ,大小:938.20KB ,
资源ID:1029817      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-1029817.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(SANS 18028-4-2009 Information technology - Security techniques - IT network security Part 4 Securing remote access《信息技术 安全技术 信息网络安全 第4部分 保护远程访问的安全》.pdf)为本站会员(priceawful190)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

SANS 18028-4-2009 Information technology - Security techniques - IT network security Part 4 Securing remote access《信息技术 安全技术 信息网络安全 第4部分 保护远程访问的安全》.pdf

1、 Collection of SANS standards in electronic format (PDF) 1. Copyright This standard is available to staff members of companies that have subscribed to the complete collection of SANS standards in accordance with a formal copyright agreement. This document may reside on a CENTRAL FILE SERVER or INTRA

2、NET SYSTEM only. Unless specific permission has been granted, this document MAY NOT be sent or given to staff members from other companies or organizations. Doing so would constitute a VIOLATION of SABS copyright rules. 2. Indemnity The South African Bureau of Standards accepts no liability for any

3、damage whatsoever than may result from the use of this material or the information contain therein, irrespective of the cause and quantum thereof. ISBN 978-0-626-22051-8 SANS 18028-4:2009Edition 1 ISO/IEC 18028-4:2Edition 1 005 SOUTH AFRICAN NATIONAL STANDARD Information technology Security techniqu

4、es IT network security Part 4: Securing remote access This national standard is the identical implementation of ISO/IEC 18028-4:2005 and is adopted with the permission of the International Organization for Standardization and the International Electrotechnical Commission. Published by SABS Standards

5、 Division 1 Dr Lategan Road Groenkloof Private Bag X191 Pretoria 0001 Tel: +27 12 428 7911 Fax: +27 12 344 1568 www.sabs.co.za SABS This standard may only be used and printed by approved subscription and freemailing clients of the SABS.SANS 18028-4:2009 Edition 1 ISO/IEC 18028-4:2005 Edition 1 Table

6、 of changes Change No. Date Scope National foreword This South African standard was approved by National Committee SABS SC 71F, Information technology Information security, in accordance with procedures of the SABS Standards Division, in compliance with annex 3 of the WTO/TBT agreement. This SANS do

7、cument was published in March 2009. This standard may only be used and printed by approved subscription and freemailing clients of the SABS. Reference number ISO/IEC 18028-4:2005(E) ISO/IEC 2005INTERNATIONAL STANDARD ISO/IEC 18028-4 First edition 2005-04-01 Information technology Security techniques

8、 IT network security Part 4: Securing remote access Technologies de linformation Techniques de scurit Scurit de rseaux TI Partie 4: Tlaccs de la scurit SANS 18028-4:2009This standard may only be used and printed by approved subscription and freemailing clients of the SABS.ISO/IEC 18028-4:2005(E) PDF

9、 disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, par

10、ties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative

11、 to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. ISO/IEC 2

12、005 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the co

13、untry of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2005 All rights reservedSANS 18028-4:2009This standard may only be used and printed by approved subs

14、cription and freemailing clients of the SABS.ISO/IEC 18028-4:2005(E) ISO/IEC 2005 All rights reserved iiiContents Page Foreword. v Introduction . vi 1 Scope 1 2 Terms, definitions and abbreviated terms 1 3 Aim 5 4 Overview 6 5 Security requirements 7 6 Types of remote access connection . 8 7 Techniq

15、ues of remote access connection . 9 7.1 General. 9 7.2 Access to communications servers 9 7.3 Access to LAN resources. 13 7.4 Access for maintenance. 14 8 Guidelines for selection and configuration14 8.1 General. 14 8.2 Protecting the RAS client. 15 8.3 Protecting the RAS server 16 8.4 Protecting th

16、e connection 17 8.5 Wireless security. 18 8.6 Organizational measures . 19 8.7 Legal considerations 20 9 Conclusion. 20 Annex A (informative) Sample remote access security policy 21 A.1 Purpose 21 A.2 Scope 21 A.3 Policy 21 A.4 Enforcement 22 A.5 Terms and definitions. 23 Annex B (informative) RADIU

17、S implementation and deployment best practices 24 B.1 General. 24 B.2 Implementation best practices 24 B.3 Deployment best practices 25 Annex C (informative) The two modes of FTP. 27 C.1 PORT-mode FTP 27 C.2 PASV-mode FTP 27 Annex D (informative) Checklists for secure mail service . 29 D.1 Mail serv

18、er operating system checklist 29 D.2 Mail server and content security checklist. 30 D.3 Network infrastructure checklist . 31 D.4 Mail client security checklist 32 D.5 Secure administration of mail server checklist . 32 Annex E (informative) Checklists for secure web services 34 E.1 Web server opera

19、ting system checklist .34 E.2 Secure web server installation and configuration checklist 35 E.3 Web content checklist 36 SANS 18028-4:2009This standard may only be used and printed by approved subscription and freemailing clients of the SABS.ISO/IEC 18028-4:2005(E) iv ISO/IEC 2005 All rights reserve

20、dE.4 Web authentication and encryption checklist37 E.5 Network infrastructure checklist .37 E.6 Secure web server administration checklist 38 Annex F (informative) Wireless LAN security checklist40 Bibliography42 SANS 18028-4:2009This standard may only be used and printed by approved subscription an

21、d freemailing clients of the SABS.ISO/IEC 18028-4:2005(E) ISO/IEC 2005 All rights reserved vForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are me

22、mbers of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international o

23、rganizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO

24、/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 7

25、5 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 18028-4 was prepared by Joint Technical Co

26、mmittee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. ISO/IEC 18028 consists of the following parts, under the general title Information technology Security techniques IT network security: Part 2: Network security architecture Part 3: Securing communications betw

27、een networks using security gateways Part 4: Securing remote access Network security management and securing communications between networks using Virtual Private Networks will form the subjects of the future Parts 1 and 5, respectively. SANS 18028-4:2009This standard may only be used and printed by

28、 approved subscription and freemailing clients of the SABS.ISO/IEC 18028-4:2005(E) vi ISO/IEC 2005 All rights reservedIntroduction In Information Technology there is an ever increasing need to use networks within organizations and between organizations. Requirements have to be met to use networks se

29、curely. The area of remote access to a network requires specific measures when IT security should be in place. This part of ISO/IEC 18028 provides guidance for accessing networks remotely either for using email, file transfer or simply working remotely. SANS 18028-4:2009This standard may only be use

30、d and printed by approved subscription and freemailing clients of the SABS.INTERNATIONAL STANDARD ISO/IEC 18028-4:2005(E) ISO/IEC 2005 All rights reserved 1Information technology Security techniques IT network security Part 4: Securing remote access 1 Scope This part of ISO/IEC 18028 provides guidan

31、ce for securely using remote access a method to remotely connect a computer either to another computer or to a network using public networks and its implication for IT security. In this it introduces the different types of remote access including the protocols in use, discusses the authentication is

32、sues related to remote access and provides support when setting up remote access securely. It is intended to help network administrators and technicians who plan to make use of this kind of connection or who already have it in use and need advice on how to set it up securely and operate it securely.

33、 2 Terms, definitions and abbreviated terms For the purposes of this document, the following terms, definitions and abbreviated terms apply. 2.1 Access Point AP the system providing access from a wireless network to a terrestrial network 2.2 Advanced Encryption Standard AES a symmetric encryption me

34、chanism providing variable key length and allowing an efficient implementation specified as Federal Information Processing Standard (FIPS) 197 2.3 authentication the provision of assurance of the claimed identity of an entity. In case of user authentication, users are identified either by knowledge

35、(e.g., password), by possession (e.g., token) or by a personal characteristic (biometrics). Strong authentication is either based on strong mechanisms (e.g., biometrics) or makes use of at least two of these factors (so-called multi-factor authentication). 2.4 call-back a mechanism to place a call t

36、o a pre-defined or proposed location (and address) after receiving valid ID parameters 2.5 Challenge-Handshake Authentication Protocol CHAP a three-way authentication protocol defined in RFC 1994 SANS 18028-4:2009This standard may only be used and printed by approved subscription and freemailing cli

37、ents of the SABS.ISO/IEC 18028-4:2005(E) 2 ISO/IEC 2005 All rights reserved2.6 Data Encryption Standard DES a well-known symmetric encryption mechanism using a 56 bit key. Due to its short key length DES was replaced by the AES, but is still used in multiple encryption mode, e.g., 3DES or Triple DES

38、 (FIPS 46-3). 2.7 de-militarised zone DMZ a separated area of a local or site network whose access is controlled by a specific policy using firewalls. A DMZ is not part of the internal network and is considered less secure. 2.8 Denial of Service DoS an attack against a system to deter its availabili

39、ty 2.9 Digital Subscriber Line DSL a technology providing fast access to networks over local telecommunications loops 2.10 Dynamic Host Control Protocol DHCP an Internet protocol that dynamically provides IP addresses at start up (RFC 2131) 2.11 Encapsulating Security Payload ESP an IP-based protoco

40、l providing confidentiality services for data. Specifically, ESP provides encryption as a security service to protect the data content of the IP packet. ESP is an Internet standard (RFC 2406). 2.12 Extensible Authentication Protocol EAP an authentication protocol supported by RADIUS and standardised

41、 by the IETF in RFC 2284 2.13 File Transfer Protocol FTP an Internet standard (RFC 959) for transferring files between a client and a server 2.14 Internet Engineering Task Force IETF the group responsible for proposing and developing technical Internet standards 2.15 Internet Message Access Protocol

42、 v4 IMAP4 an email protocol which allows accessing and administering emails and mailboxes located on a remote email server (defined in RFC 2060) 2.16 Local Area Network LAN a local network, usually within a building SANS 18028-4:2009This standard may only be used and printed by approved subscription

43、 and freemailing clients of the SABS.ISO/IEC 18028-4:2005(E) ISO/IEC 2005 All rights reserved 32.17 modem hardware or software that modulates digital signals into analogue ones and vice versa (demodulation) for the purpose of using telephone protocols as a computer protocol 2.18 Multipurpose Interne

44、t Mail Extensions MIME a method allowing the transfer of multimedia and binary data via email; it is specified in RFC 2045 to RFC 2049 2.19 Network Access Server NAS a system, normally a computer, which provides access to an infrastructure for remote clients 2.20 one-time password OTP a password onl

45、y used once thus countering replay attacks 2.21 Passive mode PASV mode an FTP connection establishment mode 2.22 Password Authentication Protocol PAP an authentication protocol provided for PPP (RFC 1334) 2.23 Personal Digital Assistant PDA usually a handheld computer (palmtop computer) 2.24 Point-t

46、o-Point Protocol PPP a standard method for encapsulating network layer protocol information over point-to-point links (RFC 1334) 2.25 Post Office Protocol v3 POP3 an email protocol defined in RFC 1939 which allows a mail client to retrieve email stored on the email server 2.26 Pretty Good Privacy PG

47、P a publicly available encryption software program based on public key cryptography. The message formats are specified in RFC 1991 and RFC 2440. 2.27 Private Branch Exchange PBX usually a computer-based digital telephone switch for an enterprise SANS 18028-4:2009This standard may only be used and pr

48、inted by approved subscription and freemailing clients of the SABS.ISO/IEC 18028-4:2005(E) 4 ISO/IEC 2005 All rights reserved2.28 Remote Access Dial-in User Service RADIUS an Internet Security protocol (RFC 2138 and RFC 2139) for authenticating remote users 2.29 Remote Access Service RAS usually har

49、dware and software to provide remote access 2.30 remote access authorized access to a system from outside of a security domain 2.31 Request for Comment RFC the title for Internet standards proposed by the IETF 2.32 Secure Shell SSH a protocol that provides secure remote login utilising an insecure network. SSH is proprietary but will become an IETF standard in the near future. SSH was originally developed by SSH Communications Security. 2.33 Secure Sockets Layer SSL a protocol located between the

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1