欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PDF文档下载
    分享到微信 分享到微博 分享到QQ空间

    ANSI INCITS ISO IEC 18028-4-2005 Information technology - Security techniques - IT network security - Part 4 Securing remote access.pdf

    • 资源ID:436256       资源大小:1.25MB        全文页数:50页
    • 资源格式: PDF        下载积分:10000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要10000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    ANSI INCITS ISO IEC 18028-4-2005 Information technology - Security techniques - IT network security - Part 4 Securing remote access.pdf

    1、INCITS/ISO/IEC 18028-4-2005 (ISO/IEC 18028-4:2005, IDT) Information technology Securitytechniques IT network security Part 4: Securing remote accessINCITS/ISO/IEC 18028-4-2005 (ISO/IEC 18028-4:2005, IDT)INCITS/ISO/IEC 18028-4-2005 ii ITIC 2005 All rights reserved PDF disclaimer This PDF file may con

    2、tain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsib

    3、ility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation pa

    4、rameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. Adopted by INCITS (InterNational Committee

    5、 for Information Technology Standards) as an American National Standard.ate of ANSI Approval: 11/3/2005 Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2005 by Information Technology Industry Council (ITI). All rights reserved. These materi

    6、als are subject to copyright claims of International Standardization Organization (ISO), International Electrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication may be reproduced in

    7、any form, including an electronic retrieval system, without the prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005. Printed in the United States of America INCITS/ISO/IEC 18028-4-2005 ITIC 2005 All rights res

    8、erved iii Contents Page Foreword .v Introduction vi 1 Scope 1 2 Terms, definitions and abbreviated terms.1 3 Aim 5 4 Overview .6 5 Security requirements 7 6 Types of remote access connection 8 7 Techniques of remote access connection 9 7.1 General9 7.2 Access to communications servers 9 7.3 Access t

    9、o LAN resources 13 7.4 Access for maintenance. 14 8 Guidelines for selection and configuration . 14 8.1 General 14 8.2 Protecting the RAS client . 15 8.3 Protecting the RAS server . 16 8.4 Protecting the connection 17 8.5 Wireless security 18 8.6 Organizational measures . 19 8.7 Legal considerations

    10、 20 9 Conclusion 20 Annex A (informative) Sample remote access security policy 21 A.1 Purpose. 21 A.2 Scope 21 A.3 Policy 21 A.4 Enforcement . 22 A.5 Terms and definitions 23 Annex B (informative) RADIUS implementation and deployment best practices . 24 B.1 General 24 B.2 Implementation best practic

    11、es 24 B.3 Deployment best practices 25 Annex C (informative) The two modes of FTP 27 C.1 PORT-mode FTP . 27 C.2 PASV-mode FTP . 27 Annex D (informative) Checklists for secure mail service . 29 D.1 Mail server operating system checklist . 29 D.2 Mail server and content security checklist 30 D.3 Netwo

    12、rk infrastructure checklist . 31 D.4 Mail client security checklist 32 D.5 Secure administration of mail server checklist . 32 Annex E (informative) Checklists for secure web services . 34 E.1 Web server operating system checklist 34 E.2 Secure web server installation and configuration checklist 35

    13、E.3 Web content checklist 36 INCITS/ISO/IEC 18028-4-2005 iv ITIC 2005 All rights reserved E.4 Web authentication and encryption checklist. 37 E.5 Network infrastructure checklist . 37 E.6 Secure web server administration checklist . 38 Annex F (informative) Wireless LAN security checklist . 40 Bibli

    14、ography . 42 INCITS/ISO/IEC 18028-4-2005 ITIC 2005 All rights reserved v Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC

    15、 participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, gover

    16、nmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Pa

    17、rt 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national

    18、 bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 18028-4 was prepared by Joint Technical Committee ISO/IEC JTC

    19、 1, Information technology, Subcommittee SC 27, IT Security techniques. ISO/IEC 18028 consists of the following parts, under the general title Information technology Security techniques IT network security: Part 2: Network security architecture Part 3: Securing communications between networks using

    20、security gateways Part 4: Securing remote access Network security management and securing communications between networks using Virtual Private Networks will form the subjects of the future Parts 1 and 5, respectively. INCITS/ISO/IEC 18028-4-2005 vi ITIC 2005 All rights reserved Introduction In Info

    21、rmation Technology there is an ever increasing need to use networks within organizations and between organizations. Requirements have to be met to use networks securely. The area of remote access to a network requires specific measures when IT security should be in place. This part of ISO/IEC 18028

    22、provides guidance for accessing networks remotely either for using email, file transfer or simply working remotely. AMERICAN NATIONAL STANDARD INCITS/ISO/IEC 18028-4-2005 ITIC 2005 All rights reserved 1 Information technology Security techniques IT network security Part 4: Securing remote access 1 S

    23、cope This part of ISO/IEC 18028 provides guidance for securely using remote access a method to remotely connect a computer either to another computer or to a network using public networks and its implication for IT security. In this it introduces the different types of remote access including the pr

    24、otocols in use, discusses the authentication issues related to remote access and provides support when setting up remote access securely. It is intended to help network administrators and technicians who plan to make use of this kind of connection or who already have it in use and need advice on how

    25、 to set it up securely and operate it securely. 2 Terms, definitions and abbreviated terms For the purposes of this document, the following terms, definitions and abbreviated terms apply. 2.1 Access Point AP the system providing access from a wireless network to a terrestrial network 2.2 Advanced En

    26、cryption Standard AES a symmetric encryption mechanism providing variable key length and allowing an efficient implementation specified as Federal Information Processing Standard (FIPS) 197 2.3 authentication the provision of assurance of the claimed identity of an entity. In case of user authentica

    27、tion, users are identified either by knowledge (e.g., password), by possession (e.g., token) or by a personal characteristic (biometrics). Strong authentication is either based on strong mechanisms (e.g., biometrics) or makes use of at least two of these factors (so-called multi-factor authenticatio

    28、n). 2.4 call-back a mechanism to place a call to a pre-defined or proposed location (and address) after receiving valid ID parameters 2.5 Challenge-Handshake Authentication Protocol CHAP a three-way authentication protocol defined in RFC 1994 INCITS/ISO/IEC 18028-4-2005 2 ITIC 2005 All rights reserv

    29、ed 2.6 Data Encryption Standard DES a well-known symmetric encryption mechanism using a 56 bit key. Due to its short key length DES was replaced by the AES, but is still used in multiple encryption mode, e.g., 3DES or Triple DES (FIPS 46-3). 2.7 de-militarised zone DMZ a separated area of a local or

    30、 site network whose access is controlled by a specific policy using firewalls. A DMZ is not part of the internal network and is considered less secure. 2.8 Denial of Service DoS an attack against a system to deter its availability 2.9 Digital Subscriber Line DSL a technology providing fast access to

    31、 networks over local telecommunications loops 2.10 Dynamic Host Control Protocol DHCP an Internet protocol that dynamically provides IP addresses at start up (RFC 2131) 2.11 Encapsulating Security Payload ESP an IP-based protocol providing confidentiality services for data. Specifically, ESP provide

    32、s encryption as a security service to protect the data content of the IP packet. ESP is an Internet standard (RFC 2406). 2.12 Extensible Authentication Protocol EAP an authentication protocol supported by RADIUS and standardised by the IETF in RFC 2284 2.13 File Transfer Protocol FTP an Internet sta

    33、ndard (RFC 959) for transferring files between a client and a server 2.14 Internet Engineering Task Force IETF the group responsible for proposing and developing technical Internet standards 2.15 Internet Message Access Protocol v4 IMAP4 an email protocol which allows accessing and administering ema

    34、ils and mailboxes located on a remote email server (defined in RFC 2060) 2.16 Local Area Network LAN a local network, usually within a building INCITS/ISO/IEC 18028-4-2005 ITIC 2005 All rights reserved 3 2.17 modem hardware or software that modulates digital signals into analogue ones and vice versa

    35、 (demodulation) for the purpose of using telephone protocols as a computer protocol 2.18 Multipurpose Internet Mail Extensions MIME a method allowing the transfer of multimedia and binary data via email; it is specified in RFC 2045 to RFC 2049 2.19 Network Access Server NAS a system, normally a comp

    36、uter, which provides access to an infrastructure for remote clients 2.20 one-time password OTP a password only used once thus countering replay attacks 2.21 Passive mode PASV mode an FTP connection establishment mode 2.22 Password Authentication Protocol PAP an authentication protocol provided for P

    37、PP (RFC 1334) 2.23 Personal Digital Assistant PDA usually a handheld computer (palmtop computer) 2.24 Point-to-Point Protocol PPP a standard method for encapsulating network layer protocol information over point-to-point links (RFC 1334) 2.25 Post Office Protocol v3 POP3 an email protocol defined in

    38、 RFC 1939 which allows a mail client to retrieve email stored on the email server 2.26 Pretty Good Privacy PGP a publicly available encryption software program based on public key cryptography. The message formats are specified in RFC 1991 and RFC 2440. 2.27 Private Branch Exchange PBX usually a com

    39、puter-based digital telephone switch for an enterprise INCITS/ISO/IEC 18028-4-2005 4 ITIC 2005 All rights reserved 2.28 Remote Access Dial-in User Service RADIUS an Internet Security protocol (RFC 2138 and RFC 2139) for authenticating remote users 2.29 Remote Access Service RAS usually hardware and

    40、software to provide remote access 2.30 remote access authorized access to a system from outside of a security domain 2.31 Request for Comment RFC the title for Internet standards proposed by the IETF 2.32 Secure Shell SSH a protocol that provides secure remote login utilising an insecure network. SS

    41、H is proprietary but will become an IETF standard in the near future. SSH was originally developed by SSH Communications Security. 2.33 Secure Sockets Layer SSL a protocol located between the network layer and the application layer provides authentication of clients and server and integrity and conf

    42、identiality services. SSL was developed by Netscape and builds the basis for TLS. 2.34 Security/Multipurpose Internet Mail Extensions S/MIME a protocol providing secure multipurpose mail exchange. Its current version 3 consists of five parts: RFC 3369 and RFC 3370 define the message syntax, RFC 2631

    43、 to RFC 2633 define message specification, certificate handling and key agreement method. 2.35 Serial Line Internet Protocol SLIP a packet framing protocol specified in RFC 1055 for transferring data using telephone lines (serial lines) 2.36 Service Set Identifier SSID an identifier for wireless acc

    44、ess points, usually in the form of a name 2.37 Simple Mail Transfer Protocol SMTP an Internet protocol (RFC 821 and extensions) for sending mail to mail servers (outgoing) 2.38 Transport Layer Security Protocol TLS the successor of SSL is an official Internet Protocol (RFC 2246) INCITS/ISO/IEC 18028

    45、-4-2005 ITIC 2005 All rights reserved 5 2.39 Uniform Resource Locator URL the address scheme for web services 2.40 Uninterruptible Power Supply UPS usually a battery-based system to protect devices against power outages, sags and surges 2.41 User Datagram Protocol UDP an Internet networking protocol

    46、 for connectionless communications (RFC 768) 2.42 Virtual Private Network VPN a private network utilising shared networks. E.g., A network based on a cryptographic tunnelling protocol operating over another network infrastructure. 2.43 WiFi Protected Access WPA a specification for a security enhance

    47、ment to provide confidentiality and integrity for wireless communications; it includes the temporal key implementation protocol (TKIP). WPA is the successor of WEP. 2.44 Wired Equivalent Privacy WEP a cryptographic protocol offering stream cipher encryption with a key length of 128 bits; it is defin

    48、ed within the IEEE 802.11 Wireless LAN specifications 2.45 Wireless Fidelity WiFi a trademark provided by the WiFi Alliance promoting the use of wireless LAN equipment 2.46 Wireless LAN WLAN a network using radio frequencies. The most common standards in use are IEEE 802.11b and 802.11g with up to 1

    49、1 Mbps respectively 54 Mbps transfer rate utilising the 2,4 GHz frequency band. 3 Aim This part of ISO/IEC 18028 is intended to guide network administrators and IT security officers when confronted with the problems of securing remote access. It provides information on the various types and techniques for remote access and helps the intended audience to identify adequate measures to protect remote access against identified threats. It may also provide help to users who intend to access their office remotely from their home offi


    注意事项

    本文(ANSI INCITS ISO IEC 18028-4-2005 Information technology - Security techniques - IT network security - Part 4 Securing remote access.pdf)为本站会员(tireattitude366)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开