Eicon Networks S92 Manual de usuario descargar pdf (Pagina 36)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 36

4,IDS:

n TheIDScanalertInternal_AdminviaSMTP.

n Snort(http://www.snort.org/)isanidealIDSsoftwareforsuchpurpose.

n Tobesecure,theIDSitselfishardenedandisprotectedbyafirewallservice

runningonitself.

n TheIDShasitsownSMTPservicesolelyforsendingalerts sendingemailsto

theadministrator’smailboxlocatedintheinternalemailserver.

5,Dropandlogeverythingelse.

PoliciesatISA_Cache

1. Provideproxyserviceforinternalclientsaccessingtheinternet.Protocols

allowedinclude:HTTP,HTTPS,FTP,SMTP,POP3,IMAP,DNS,NNTP

2. ProvideHTTPandFTPcachingserviceforinternalclientsaccessingtheinternet.

3. AllowoutgoingPPTPtrafficfrominternalPPPbasedVPNclientsaccessing

externalpartners'VPNsites.

4. Preventunauthorizedusersfromaccessingtheproxyservice.

5. Disallowanyincomingrequestsfromtheoutsideworld.

6. Disalloweverythingelse.

PoliciesatVisNetic_1

1. OnlyInternal_Admincanfreelyaccessallsegmentsbehindthisfirewallwith

anyprotocolhe/shelikes.

2. ExternalpartnersandsupplierscanaccessonlytheCritical_Resourcessegment.

SuchaccessmustoriginatefromCore_NetviaW2K_VPN,usingHTTPand

HTTPSastheprotocols.Theiraccessmustberestrictedbyapplicationlevel

authenticationandauthorization.

3. Internal_ClientsandInternal_DevcanaccessInternal_Serverswithanyprotocol,

althoughtheiraccessmustberestrictedbysystemlevelauthenticationand

authorization.

4. Internal_ClientsandInternal_DevcanaccessCritical_ResourcesonlyviaHTTP

andHTTPS.Theiraccessmustberestrictedbyapplicationlevelauthentication

andauthorization.

1 2 ... 31 32 33 34 35 36 37 38 39 40 41 ... 208 209

Sin comentarios

Eicon Networks S92 Manual de usuario Pagina 36