GOST R ISO IEC 27033-3-2014 Information technology Security techniques Network security Part 3 Reference networking scenarios Threats design techniques and control issues《 信息技术 安全技.pdf

1、 / 27033-3 2014 3 , ISO/IEC 27033-3:2010 Information technology Security techniques Network security Part 3: Reference networking scenarios Threats, design techniques and control issues (IDT) 2014 / 27033-32014 II 1 - ( ) - - ( ) , 4 2 22 3 - 09 2014 . 1029- 4 / 27033-3:2010 - . . . 3. . , (ISO/IEC

2、27033-3:2010 Information technology Security techniques Network security Part 3: Reference networking scenarios Threats, design techniques and control issues) - , - . 5 1.02012 ( 8). ( 1 ) , -. () - . , (gost.ru) , 2014 -, - / 27033-32014 III 1 .1 2 .1 3 .2 4 2 5 2 6 4 7 .6 7.1 .6 7.2 7 7.3 8 8 - 9

3、8.1 .9 8.2 10 8.3 .11 9 - 11 9.1 .11 9.2 12 9.3 .13 10 .14 10.1 .14 10.2 14 10.3 .15 11 16 11.1 .16 11.2 16 11.3 .17 12 .17 12.1 .17 12.2 17 12.3 .19 13 19 13.1 .19 13.2 20 13.3 .20 14 .22 14.1 .22 14.2 22 14.3 .23 15 23 15.1 .23 15.2 24 15.3 .25 A () 26 B () .30 () .34 / 27033-32014 IV / 27033-3 /

4、1, - , 27, . / 27033 , . . : - 1: ; - 2: ; - 3: . , . : - 4: . , , ; - 5: . , , . , : - , , , , - , IP- (, , ), -, - ( ) . / 27033-32014 1 3 , Information technology. Security techniques. Network security. Part 3. Reference networking scenarios. Threats, design techniques and control issues 201511 0

5、1 1 , , , . - , , . , , / , / - , / 27033-2. ( , / 27033-4 / 27033-6) , . . - () , . , / 27033 . 2 . . - ( -). / 27000 . . . (ISO/IEC 27000, Infor-mation technology Security techniques Information security management systems Overview and vo-cabulary) / 27033-1 . . . 1. (ISO/IEC 27033-1, Information

6、technology Security techniques Network security Part 1: Overview and concepts) / 27033-32014 2 3 / 27000 / 27033-1, : 3.1 (malware, malicious software): , - , , () . . / 27032. 3.2 (opacity): , , - . - . 3.3 (outsourcing): , . 3.4 (social engineering): - . 4 : AAA , (authentication, authorization an

7、d accounting); DHCP 1)(dynamic host configuration protocol); DNS (domain name service); DNSSEC (DNS Security extensions); DoS (denial of service); FTP (file transfer protocol); IDS (intrusion detection system); IP - (Internet protocol); IPSec - (IP security protocol); OAM PDA (personal data assistan

8、t); QoS (quality of service); SIP (session initiation protocol); SMTP (simple mail transfer protocol); SNMP (simple network management protocol); SSL ( ) (secure socket layer (encryption and authentication protocol); VoIP - (voice over Internet Protocol); VPN (virtual private network); (open systems

9、 interconnection OSI); (public switched telephone net-work PSTN). 5 : - , ( 6); - ( 7 - 15), : - ; 1) , TCP/IP. / 27033-32014 3 - , , 6. , : - , , , , , ; - , , -. , , , - . 1 , - - - - - - - - - - - - - - - - - - - - - - - - - - - , , , : - ( 7); - - ( 8); - - ( 9); - ( 10); - ( 11); - ( 12); - ( 13); - ( 14); - ( 15). / 27033-32014 4 6 , , : - ; - , ; - ; - ; - . , . . , -, . , . , . , , . , -,