BS-ISO-IEC-18028-3-2005.pdf
《BS-ISO-IEC-18028-3-2005.pdf》由会员分享,可在线阅读,更多相关《BS-ISO-IEC-18028-3-2005.pdf(32页珍藏版)》请在三一文库上搜索。
1、BRITISH STANDARD BS ISO/IEC 18028-3:2005 Information technology Security techniques IT network security Part 3: Securing communications between networks using security gateways ICS 35.040 ? Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 04:15:36 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS
2、ISO/IEC 18028-3:2005 This British Standard was published under the authority of the Standards Policy and Strategy Committee on 17 January 2006 BSI 17 January 2006 ISBN 0 580 47593 X National foreword This British Standard reproduces verbatim ISO/IEC 18028-3:2005 and implements it as the UK national
3、standard. The UK participation in its preparation was entrusted to Technical Committee IST/33, Information technology Security techniques, which has the responsibility to: A list of organizations represented on this committee can be obtained on request to its secretary. Cross-references The British
4、Standards which implement international publications referred to in this document may be found in the BSI Catalogue under the section entitled “International Standards Correspondence Index”, or by using the “Search” facility of the BSI Electronic Catalogue or of British Standards Online. This public
5、ation does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. aid enquirers to understand the text; present to the responsible internationa
6、l/European committee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed; monitor related international and European developments and promulgate them in the UK. Summary of pages This document comprises a front cover, an inside front cover, the ISO/IEC tit
7、le page, pages ii to v, a blank page, pages 1 to 22, an inside back cover and a back cover. The BSI copyright notice displayed in this document indicates when the document was last issued. Amendments issued since publication Amd. No. DateComments Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 2
8、3 04:15:36 GMT+00:00 2006, Uncontrolled Copy, (c) BSI Reference number ISO/IEC 18028-3:2005(E) INTERNATIONAL STANDARD ISO/IEC 18028-3 First edition 2005-12-15 Information technology Security techniques IT network security Part 3: Securing communications between networks using security gateways Techn
9、ologies de linformation Techniques de scurit Scurit de rseaux TI Partie 3: Communications de scurit entre rseaux utilisant des portails de scurit BS ISO/IEC 18028-3:2005 Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 04:15:36 GMT+00:00 2006, Uncontrolled Copy, (c) BSI ii Licensed Copy: sheff
10、ieldun sheffieldun, na, Thu Nov 23 04:15:36 GMT+00:00 2006, Uncontrolled Copy, (c) BSI iii Contents Page Foreword iv Introduction v 1 Scope 1 2 Normative references1 3 Terms and definitions .1 4 Abbreviated terms .4 5 Security requirements.5 6 Techniques for security gateways.5 6.1 Packet filtering.
11、5 6.2 Stateful packet inspection6 6.3 Application proxy.6 6.4 Network Address Translation (NAT)6 6.5 Content analyzing and filtering7 7 Security gateway components.7 7.1 Switches .7 7.2 Routers .8 7.3 Application Level Gateway.8 7.4 Security Appliances 8 8 Security Gateway Architectures.8 8.1 Struct
12、ured approach .9 8.1.1 Packet filter firewall architecture .9 8.1.2 Dual-homed gateway architecture.10 8.1.3 Screened host architecture 11 8.1.4 Screened subnet architecture12 8.2 Staged approach13 8.2.1 Single and multi-staged security gateway architecture 14 9 Guidelines for selection and configur
13、ation 16 9.1 Selection of a security gateway architecture and appropriate components.17 9.2 Hardware and software platform17 9.3 Configuration .17 9.4 Security features and settings .18 9.5 Administration19 9.6 Logging.19 9.7 Documentation.20 9.8 Audit20 9.9 Training and education .20 9.10 Miscellan
14、eous 20 Bibliography22 BS ISO/IEC 18028-3:2005 Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 04:15:36 GMT+00:00 2006, Uncontrolled Copy, (c) BSI iv Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized
15、system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committee
16、s collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International St
17、andards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publica
18、tion as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such
19、patent rights. ISO/IEC 18028-3 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. ISO/IEC 18028 consists of the following parts, under the general title Information technology Security techniques IT network security: Part 2: N
20、etwork security architecture Part 3: Securing communications between networks using security gateways Part 4: Securing remote access The following parts are under preparation: Part 1: Network security management Part 5: Securing communications across networks using Virtual Private Networks BS ISO/IE
21、C 18028-3:2005 Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 04:15:36 GMT+00:00 2006, Uncontrolled Copy, (c) BSI v Introduction The telecommunications and information technology industries are seeking cost-effective comprehensive security solutions. A secure network should be protected agai
22、nst malicious and inadvertent attacks, and should meet the business requirements for confidentiality, integrity, availability, non-repudiation, accountability, authenticity and reliability of information and services. Securing a network is also essential for maintaining the accuracy of billing or us
23、age information as appropriate. Security capabilities in products are crucial to overall network security (including applications and services). However, as more products are combined to provide total solutions, the interoperability, or the lack thereof, will define the success of the solution. Secu
24、rity must not only be a thread of concern for each product or service, but must be developed in a manner that promotes the interweaving of security capabilities in the overall end-to-end security solution. Thus, the purpose of ISO/IEC 18028 is to provide detailed guidance on the security aspects of
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- BS ISO IEC 18028 2005
链接地址:https://www.31doc.com/p-3750820.html