CEIM-P
CEIM-S

DEPARTMENT OF THE ARMY
U.S. Army Corps of Engineers
Washington, DC 20314-1000

Circular No. 25-1-246 (EC 25-1-246)
30 November 1996
Expires 31 December 1998

Information Management
ENTERPRISE NETWORK OPERATING SECURITY PROCEDURES

1. Purpose.

a. This circular establishes Command policy for network operating security in the U.S. Army Corps of Engineers for all computing and communications assets directly or indirectly connected to the Corps of Engineers Automation Plan (CEAP-IA) (COE) Network provided through the CEAP-IA program.

b. This circular promulgates minimum security standards and procedures necessary to safeguard corporate information assets - hardware, software, data, and capacity (processing, storage, and transmission/bandwidth).

c. For purposes of this document, network security compromise is divided into the following three general categories:
(1) Breach of Confidentiality - involves unauthorized access to corporate information assets,
(2) Denial of service - involves the unauthorized use of corporate information assets, or the prevention of authorized use of corporate information assets, and
(3) Data compromise - involves unauthorized access to corporate information assets, with possible corruption of corporate data.

d. These policies, standards, and procedures are necessary to ensure that:
(1) Corporate information assets are not compromised,
(2) Corporate information asset usage is not illegally converted, and that
(3) Corporate information assets are not used as a vehicle for compromising the security of the Department of the Army, the Department of Defense, or any federal, state, or local agency using the Corps of Engineers as an information resource.

Provided by IHS. Not for Resale. No reproduction or networking permitted without license from IHS.

e. These policies and procedures will ensure that the Corps is able to:
(1) present a defense in depth against any potential intruder by means of "firewalls," "bastion hosts," "proxying" of selected network services, and "packet filtering routers,"
(2) identify any penetration of corporate information assets with maximum accuracy in minimum time, and
(3) minimize the damage to corporate information assets which any potential intruder can cause.

2. Applicability. This circular is applicable to:

a. All HQUSACE/OCE staff elements, USACE Major Subordinate Commands (MSC) and their Districts, Laboratories, Centers, and Field Operating Activities (FOA).

b. Use of any electronic medium for transmission, storage, or processing of data or information and the creation of records for which the US Army Corps of Engineers or its representatives have stewardship and which makes use of Corps automation or telecommunications resources in a networked environment.

c. All government employees, contractor employees, or other personnel having operational access, either directly or indirectly to, and use of, Corps of Engineers Automation Plan (CEAP-IA) automation and telecommunications assets.

3. References. Related references are listed in Appendix A. Definitions and Acronyms are in Appendix B.

4. Policy. It is the policy of the Corps that:

a. Network Access Will Be Strictly Controlled.
(1) All dial-in access to Corps of Engineers (COE) information assets at any organizational level will be strictly controlled by USERID/PASSWORD in accordance with AR 380-19.
(2) All INTERNET access will be accomplished through CEAP-IA Program Office designated ingress and egress points.
(3) Access to the INTERNET by non-CEAP-IA provided and controlled dual-homed devices, i.e. devices (modems, routers, etc.) which are simultaneously connected physically and/or logically to both the internal network(s) and to the INTERNET, is strictly prohibited, unless waived in accordance with Para. 5.

b. Inbound Internet Network Services Will Be Strictly Controlled.
(1) The following communications services/capabilities will be provided by the CEAP-IA Network Control Center and controlled via packet filtering, and these services will be restricted to "INTERNET Accessible" corporate information assets:
(a) File Transfer Protocol (FTP),
(b) Hypertext Transfer Protocol (HTTP),
(c) Telnet,
(d) X-Windows, and
(e) Domain Name Server (DNS) host lookups.
(2) Select communications services/capabilities will be provided only through designated servers:
(a) Network News Transfer Protocol (NNTP),
(b) X-Windows (proxy server), and
(c) Simple Mail Transfer Protocol (SMTP).
(3) Domain Name Server (DNS) host lookups will be permitted through the INTERNET firewall gateways.
(4) All services not specifically authorized are prohibited.
(5) It will be possible for INTERNET inbound users to access a single designated Corps ORACLE WebServer for the purpose of retrieving selected data imported from a "Corps Trusted" ORACLE database.

c. Data Will Be Partitioned Into "INTERNET Accessible" and "Corps Trusted" Data Sets, and Segregated By Network Segment.
(1) All data and data presentations (including "web pages") which are to be made available to the public will be partitioned into two data sets - an "INTERNET Accessible" data set and a "Corps Trusted" data set.
(2) No "Corps Trusted" data set or data presentation will be accessible via the INTERNET, except in accordance with AR 380-19.
(3) "INTERNET Accessible" data sets and data presentations will be periodically refreshed from the appropriate "Corps Trusted" data sets in accordance with procedures established by the Functional Proponent, as data security cannot be assumed.
(4) All data on "INTERNET Accessible" servers will be monitored for data quality (accuracy and completeness).
(5) All data on "INTERNET Accessible" servers will be backed up in accordance with standard operating procedures.
(6) Outbound initiated connections from "INTERNET Accessible" network segments to "Corps Trusted" network segments will be denied - with the exception of mail and DNS server access.

d. All Communications Sessions Will Be Subject To Monitoring.
(1) All communications sessions are subject to automatic and/or random session monitoring.
(2) All monitored sessions will be subject to extensive "logging" of "session profile" data.
(3) Any communications session that shows evidence of having been compromised can and will be traced, and/or terminated at the discretion of CEAP-IA Network Control Center/Alternate Network Control Center security personnel. Any such deliberate interruption of services may result in the complete termination of data communications to/from a particular platform, component, or network segment. All such incidents will be reported to the local and enterprise Information Systems Security Manager (ISSM) or Information Systems Security Officer (ISSO).

e. All Corporate Network Security Controls Will Be Implemented, Managed, and Controlled By the CEAP-IA Program Office.
(1) All packet filtering routers used for control of CEAP network communications ingress and egress will be under the control and management of the CEAP-IA Network Control Center/Alternate Network Control Center security personnel.
(2) All "firewalls," associated hardware platforms, and hardware/software will be under the control and management of the CEAP-IA Network Control Center/Alternate Network Control Center security personnel.
(3) All "bastion hosts" or "proxying" servers, or single purpose "sacrificial" servers providing selected services, will be under the control and management of the CEAP-IA Network Control Center/Alternate Network Control Center security personnel; this includes "INTERNET Accessible" servers resourced by Functional Proponents.
(4) INTRANET Accessible servers, used for purely internal communications, will remain under Functional Proponent control and management.

5. DoD 8120.2-M, Interim Guidance on Conducting Automated Information System (AIS) Life-Cycle Management, Section 9, Security Planning; and the USACE Managers Guide to the Life Cycle Management of Automated Information Systems, Appendix 7.

e. All waiver requests for existing automation or telecommunication resource configurations will be submitted within six (6) months of the issuance of this circular.

f. All waiver requests for actions not yet emplaced, but anticipated to be in violation of this circular, will be submitted to the CEAP-IA Program Office not less than six (6) weeks before any effort attempting execution of said actions is made.

g. Waiver requests will be submitted to, analyzed, reviewed, and approved or denied by the CEAP-IA Program Office in coordination with the USACE Office of Security and Law Enforcement.

6. Responsibilities.

a. The HQUSACE Director of Information Management (CEIM) will ensure that appropriate enterprise network operating security policies and procedures are in place and are based on contemporary technology and security practices.

b. The HQUSACE Office of Security and Law Enforcement (CEPM) will:
(1) Support the Directorate of Information Management (DIM) in reporting and responding to all CEAP-IA network security violations.
(2) Ensure that appropriate Department of the Army (DA) and Department of Defense (DoD) security personnel are notified of suspected or verified network security violations.
(3) Assist DIM in securing adequate: (a) funding for security related acquisitions, and (b) training for all Corps personnel having significant security responsibilities.
(4) Coordinate with the CEAP-IA Program Management Office (CEIM-S) in the analysis, reviewing and approval/denial of waiver requests.

c. The CEAP-IA Program Management Office (CEIM-S) will:
(1) Ensure availability of resources to acquire and sustain corporate information assets in support of the Corps' necessary "INTERNET Accessible" network segments.
(2) Oversee the distribution and allocation of resources to support the Corps' "INTERNET Accessible" network segments.
(3) Acquire and distribute necessary security software (e.g., firewalls, proxy servers, etc.).
(4) Provide for the backup of all corporate "INTERNET Accessible" network segments, and
(5) Provide for the Continuity of Operations (COOP) of corporate "INTERNET Accessible" network segments.
(6) Review, analyze, and recommend approval or denial of waiver requests, in coordination with CEPM.

d. The CEAP-IA Network Control Center, Western Processing Center (WPC) will:
(1) Manage the operations and control of the packet filtering router(s).
(2) Operate the designated proxy servers.
(3) Operate the SMTP server(s).
(4) Operate the "TP server(s).

e. The Alternate Network Control Center, CEAP-IA Program Management Office (CEAP-PMO) Information Infrastructure Support Branch (CEIM-SI) will:
(1) Establish and maintain the rules base for packet filtering.
(2) Determine the criteria for selection of necessary security hardware/software, electronic tokens, firewalls, proxy servers, etc.
(3) Oversee the acquisition, distribution, and maintenance of necessary security hardware/software, electronic tokens, firewalls, proxy servers, etc.

f. The U.S. Army Cold Regions Research and Engineering Laboratory (CRREL), as the USACE Internet/Intranet Support Center, will:
(1) Operate corporate "INTERNET Accessible" servers (as defined in this circular, and funded by the CEAP-IA Program Management Office or other proponent activity) on a reimbursable basis.
(2) Provide support and assistance to USACE elements who elect to make use of corporate "INTERNET Accessible" servers.
(3) Support the network security program by continuously gathering technical information on potential security threats to USACE automation assets and ensuring that relevant information is distributed appropriately.
(4) Support the USACE network security program by maintaining an active, thorough awareness of the state of the art in INTERNET technology, standards, tools, and security capabilities and weaknesses; employing such tools and awareness in the protection of corporate "INTERNET Accessible" systems; and advising USACE elements in the employment of such tools and techniques for the protection of local assets.
(5) Incorporate appropriate INTERNET-specific security issues awareness into various presentations and training sessions that CRREL presents throughout USACE.

g. All HQUSACE staff elements and Commanders, USACE Major Subordinate Commands (MSC) and their Districts (including Resident, Area, and Project Offices), Laboratories, Centers, and Field Operating Activities (FOA) shall:
(1) Ensure that organization-appointed Information Systems Security Managers (ISSMs), Information System Security Officers (ISSOs), Network Security Officers (NSOs), and Systems Administrators (SAs) are familiar with and comply with policies and procedures as set forth by this circular.
(2) Ensure that all communications assets within their purview come into compliance with the requirements of this circular within nine (9) months of publication.
(3) Ensure that adequate resources for security-related acquisitions, training, and awareness are programmed in the operating budgets.

h. All USACE Directors of Information Management (DIMs) and Chiefs of Information Management (CIMs) shall:
(1) Be familiar with the requirements of this circular and ensure compliance with the requirements of this circular by their subordinates within 9 months of publication.
(2) Encourage the centralization of network security requirements within organizational areas.

i. The Functional Proponents of Automated Information Systems (AIS) and/or computing/communications resources external to the enterprise network will:
(1) Comply with requirements of this circular, including waiver applications if deemed necessary.
(2) Ensure the availability of funds/resources to acquire and/or maintain hardware and/or software required to support dedicated functional data servers and/or support any uniquely identified network operating security procedure r
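The inbound service controls in paragraph 4.b and the segment rule in 4.c(6) together describe a small first-match packet-filtering rules base with an implicit deny (4.b(4)), the kind of rules base that 6.e(1) assigns to CEIM-SI to establish and maintain. The Python model below is an added illustration and is not the Corps' rules base or any CEAP-IA code; the address ranges, designated-server addresses, the `Rule` class and the `audit` invariants are all constructed for this example. It evaluates a (source, destination, port) triple against the policy, returns the kind of "session profile" record that 4.d(2) says is logged, and audits a proposed rules base for entries that would contradict 4.b(2), 4.c(2) or 4.c(6).

```python
"""Toy model of the EC 25-1-246 packet-filtering policy (paragraphs 4.b, 4.c(6), 4.d(2)).

Added example only: addresses, host names and rule syntax are constructed
for illustration and are not the Corps' actual rules base.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Network segments named by the circular; address ranges are constructed.
ZONES = {
    "INTERNET_ACCESSIBLE": ip_network("192.0.2.0/24"),  # "INTERNET Accessible" segment
    "CORPS_TRUSTED": ip_network("10.0.0.0/8"),          # "Corps Trusted" segment
}
# Designated servers of 4.b(2) and the trusted-side mail/DNS hosts of 4.c(6); constructed.
DESIGNATED = {"smtp": "192.0.2.25", "nntp": "192.0.2.119", "x11_proxy": "192.0.2.60"}
TRUSTED_MAIL, TRUSTED_DNS = "10.1.0.25", "10.1.0.53"
PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "dns": 53, "http": 80, "nntp": 119, "x11": 6000}


def zone_of(addr: str) -> str:
    """Map an address to its segment; anything outside the two segments is the INTERNET."""
    a = ip_address(addr)
    return next((name for name, net in ZONES.items() if a in net), "INTERNET")


@dataclass
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]   # None = any port
    dst_host: Optional[str]   # None = any host in dst_zone
    action: str               # "permit" or "deny"
    note: str                 # paragraph of the circular the rule implements

    def matches(self, src: str, dst: str, port: int) -> bool:
        if zone_of(src) != self.src_zone or zone_of(dst) != self.dst_zone:
            return False
        if self.dst_port is not None and self.dst_port != port:
            return False
        return self.dst_host is None or ip_address(self.dst_host) == ip_address(dst)


RULES: List[Rule] = [
    # 4.b(1): FTP, HTTP, Telnet and DNS inbound only to the INTERNET Accessible segment.
    *[Rule("INTERNET", "INTERNET_ACCESSIBLE", PORTS[s], None, "permit", f"4.b(1) {s}")
      for s in ("ftp", "http", "telnet", "dns")],
    # 4.b(2): SMTP, NNTP and X-Windows only via designated servers (X-Windows via its proxy).
    Rule("INTERNET", "INTERNET_ACCESSIBLE", PORTS["smtp"], DESIGNATED["smtp"], "permit", "4.b(2) SMTP"),
    Rule("INTERNET", "INTERNET_ACCESSIBLE", PORTS["nntp"], DESIGNATED["nntp"], "permit", "4.b(2) NNTP"),
    Rule("INTERNET", "INTERNET_ACCESSIBLE", PORTS["x11"], DESIGNATED["x11_proxy"], "permit", "4.b(2) X-Windows"),
    # 4.c(6): INTERNET Accessible -> Corps Trusted denied except mail and DNS server access.
    Rule("INTERNET_ACCESSIBLE", "CORPS_TRUSTED", PORTS["smtp"], TRUSTED_MAIL, "permit", "4.c(6) mail"),
    Rule("INTERNET_ACCESSIBLE", "CORPS_TRUSTED", PORTS["dns"], TRUSTED_DNS, "permit", "4.c(6) DNS"),
    Rule("INTERNET_ACCESSIBLE", "CORPS_TRUSTED", None, None, "deny", "4.c(6) default"),
    # 4.c(2): no Corps Trusted data reachable from the INTERNET.
    Rule("INTERNET", "CORPS_TRUSTED", None, None, "deny", "4.c(2)"),
]


def evaluate(src: str, dst: str, port: int, rules: List[Rule] = RULES) -> dict:
    """First-match evaluation; returns a session-profile record as 4.d(2) would log it."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return {"src": src, "dst": dst, "port": port, "action": rule.action, "rule": rule.note}
    # 4.b(4): all services not specifically authorized are prohibited.
    return {"src": src, "dst": dst, "port": port, "action": "deny", "rule": "4.b(4) implicit deny"}


def audit(rules: List[Rule]) -> List[str]:
    """Flag permit rules that would contradict the circular, before they reach the router."""
    findings = []
    for r in (r for r in rules if r.action == "permit"):
        if r.src_zone == "INTERNET" and r.dst_zone == "CORPS_TRUSTED":
            findings.append(f"{r.note}: permits INTERNET -> Corps Trusted, violates 4.c(2)")
        if (r.src_zone == "INTERNET_ACCESSIBLE" and r.dst_zone == "CORPS_TRUSTED"
                and r.dst_port not in (PORTS["smtp"], PORTS["dns"])):
            findings.append(f"{r.note}: permits more than mail/DNS into Corps Trusted, violates 4.c(6)")
        if (r.src_zone == "INTERNET" and r.dst_host is None
                and r.dst_port in (PORTS["smtp"], PORTS["nntp"], PORTS["x11"])):
            findings.append(f"{r.note}: port {r.dst_port} not limited to a designated server, violates 4.b(2)")
    return findings


if __name__ == "__main__":
    for pkt in [("203.0.113.9", "192.0.2.80", 80), ("203.0.113.9", "192.0.2.80", 25),
                ("203.0.113.9", "10.1.0.80", 80), ("192.0.2.80", "10.1.0.80", 80)]:
        print(evaluate(*pkt))
    print("audit of proposed rule:", audit(RULES + [Rule("INTERNET", "CORPS_TRUSTED", 80, None, "permit", "proposed")]))
```

The model keeps the circular's ordering discipline: specific permits come first, the segment-level denies follow, and anything unmatched falls through to the 4.b(4) implicit deny, so a new service is unreachable until someone deliberately authorizes it. The `audit` function is the check a reviewer of rule changes wants, since a single mis-scoped permit from the INTERNET into the Corps Trusted segment defeats the partitioning that 4.c relies on. Note that the permitted inbound set mirrors the 1996 text; Telnet and FTP carry credentials in the clear, which a current rules base would not admit from the INTERNET.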