05140-01 Perimeter Control Concepts
-
Upload
bela-varkonyi -
Category
Documents
-
view
221 -
download
2
description
Transcript of 05140-01 Perimeter Control Concepts
Name: 05140-01 Perimeter Control ConceptsAuthor: Bela VarkonyiVersion: 1.8Created: 2014.07.14. 13:44:58Updated: 2014.08.08. 13:32:20
Security Enclave{1..*}
notesCollection of information systems connected by one or moreinternal networks under the control of a single authority andsecurity policy. The systems may be structured by physicalproximity or by function, independent of location.
Security Domain{1..*}
notesA security domain is a set of elements under agiven security policy administered by a singlesecurity authority for some specific security-relevant activ ities. [ITU-T X.810]Enclaves can be broken down into SecurityDomains or Communities of Interest (COIs).
Security Zone{1..*}
notesA security zone is defined byoperational control, location,and connectiv ity to otherdevice/network elements.
Security Environment
Protected Area{1..*}
Staging Environment
{1..4}
Security Perimeter
Security Perimeter Control
{0..*}
Ph ysical Perimeter Control
Lo g ical Perimeter Control
Admin istrative Perimeter Control
Ensure administrative accountability
A lign w ith physical security environments
Defend in depth
Ensure controlled staging by administrative domain separation
Avoid production data leakage to unauthorized personnel and partners in the staging process
Enable alignment and synergy of different type of security controls
Balance various security controls between effectiveness and effic iency
Compensate for weaknesses in host and application based security controls
Pro tected Device
Protected Host
Protected Application
Protected Communication
Enclave STIG V4R4
A lign w ith security policy scope boundaries
National Information Assurance (IA) Glossary
DoD Cybersecurity
Enclaves provide standard cybersecurity, such as boundary defense, incident detection and response, and key management, and also deliver common applications, such as office automation and electronic mail. Enclaves may be specific to an organization or a mission, and the computing environments may be organized by physical proximity or by function independent of location.
Security Enclave Boundary
notesPo int at which an encla ve’s internal n etwo rkservice layer conn ects to an exte rnal n etwo rk’sservice layer, i.e., to another enclave or to aWide Area Network (WAN).An enclave boundary is an entry/exit point of anetwork of dissimilar security policy
Enclaves always assume the highest security category of the ISs that they host, and derive their security needs from those systems.
Development Environment (DEV)
notesUnit testingOptionally: s imulation of integration interfaces
Integration Test Environment (ITST)
notesIntegration testingEmulation of integration interfaces
Acceptance Test Environment (ATST or UAT)
notesF inal acceptance testing for production rolloutLive integration interfaces of other test systems
Production Environment (PROD)
notesLive operations
A protected area is an intersection of a security zone and a security domain,
IT U-T X .805 Security architecture...
A lign w ith security planes
A given security domain may span multiple security zones. [ITU-T Y.2701]
«trace»
«trace»
1 ..*
«trace»
«trace»
«trace»
«trace»
«trace»
1 ..*
«trace»
«trace»
«trace»