GB/T 36627-2018 English PDF (GBT36627-2018)

GB/T 36627-2018: Information security technology -- Testing and evaluation technical guide for classified cybersecurity protection
GB/T 36627-2018
NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Testing and evaluation technical guide for classified cybersecurity protection
ISSUED ON: SEPTEMBER 17, 2018
IMPLEMENTED ON: APRIL 01, 2019
Issued by: State Administration for Market Regulation; Standardization Administration of the People's Republic of China.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions, abbreviations
3.1 Terms and definitions
3.1.1 dictionary attack
3.1.2 file integrity checking
3.1.3 network sniffer
3.1.4 rule set
3.1.5 target of testing and evaluation
3.2 Abbreviations
4 General
4.1 Technical classification
4.2 Selection of technology
5 Requirements for classified testing and evaluation
5.1 Check technology
5.1.1 File check
5.1.2 Log check
5.1.3 Rule set check
5.1.4 Configuration check
5.1.5 File integrity check
5.1.6 Cipher check
5.2 Identification and analysis technologies
5.2.1 Network sniffer
5.2.2 Network port and service identification
5.2.3 Vulnerability scanning
5.2.4 Wireless scanning
5.3 Vulnerability verification technology
5.3.1 Password crack
5.3.2 Penetration test
5.3.3 Remote access test
Annex A (informative) Activities after testing and evaluation
Annex B (informative) Description on relevant concept of penetration test
Bibliography
Information security technology - Testing and evaluation technical guide for classified cybersecurity protection
1 Scope
This Standard provides the classification and definitions of the testing and evaluation technologies relevant to testing and evaluation for classified cybersecurity protection (hereinafter referred to as "classified testing and evaluation"). It proposes the key elements and principles of technical testing and evaluation and makes recommendations for the analysis and application of testing and evaluation results.
This Standard is applicable to classified testing and evaluation performed by a testing and evaluation authority on a classified cybersecurity protection target (hereinafter referred to as "classified protection target"). It is also applicable to security evaluation of classified security protection performed on a classified protection target by its supervising department or by its operating and using authority.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB 17859-1999, Classified criteria for security protection of computer information system
GB/T 25069-2010, Information security technology - Glossary
3 Terms and definitions, abbreviations
3.1 Terms and definitions
The terms and definitions defined in GB 17859-1999 and GB/T 25069-2010, as well as the following, apply to this document.
3.1.1 dictionary attack
attack mode that, when cracking a password, tries the words or phrases in a user-defined dictionary one by one
4 General
4.1 Technical classification
The testing and evaluation technologies that can be used in classified testing and evaluation fall into the following three categories:
a) check technology: a testing and evaluation technology that checks the information system and its matching institutional documents, equipment and devices, and discovers security vulnerabilities in the related procedures and policies. It is usually performed manually and mainly includes file check, log check, rule set check, system configuration check, file integrity check and cipher check;
b) identification and analysis technologies: testing and evaluation technologies that identify systems, ports, services and potential security vulnerabilities. They can be performed manually or with automated tools and mainly include network sniffer, network port and service identification, vulnerability scanning and wireless scanning;
c) vulnerability verification technology: a testing and evaluation technology that verifies whether a vulnerability exists. Based on the results of check, target identification and analysis, it is carried out intentionally and strategically, manually or with automated tools, and mainly includes password crack, penetration test and remote access test; it verifies and confirms possible security vulnerabilities in order to obtain evidence.
4.2 Selection of technology
When selecting and determining the technical method to be used for classified testing and evaluation activities, the factors to be considered include, but are not limited to, the target of testing and evaluation, the applicability of the testing and evaluation technology, and the security risk that the technology might introduce to the target of testing and evaluation, so that a suitable method is selected.
When the selected method might affect the target of testing and evaluation during implementation, priority shall be given to testing a non-production system that has the same configuration as the target's production system. Test outside business hours, or test during business hours only with a method whose risk can be controlled, so as to minimize the impact on the business of the target of testing and evaluation.
The results obtained after technical testing and evaluation can be used for threat analysis, improvement suggestions and report generation for the target of testing and evaluation. See Annex A for details.
a) authentication server or system logs, including successful and failed authentication attempts;
b) operating system logs, including system and service start-up and shutdown, installation of unauthorized software, file access, security policy changes, account changes (such as account creation and deletion, and assignment of account rights) and permission usage;
c) IDS/IPS logs, including malicious behaviour and inappropriate use;
d) firewall, switch and router logs, including outbound connections that affect internal devices (such as those of bots, Trojans and spyware), as well as unauthorized connection attempts and improper use;
e) application logs, including unauthorized connection attempts, account changes, permission use, and usage information of the application program or database;
f) anti-virus logs, including virus detection and removal, infection logs, and other events such as upgrade failures and software expiration;
g) other security logs, such as patch management; services and applications with known vulnerabilities shall be recorded;
h) network running status and network security event logs; the retention time is not less than 6 months.
5.1.3 Rule set check
The main function of rule set check is to discover vulnerabilities in security control measures that are based on rule sets. Check targets include the access control lists and policy sets of network equipment, security equipment, databases, operating systems and application systems. For level-three and above protection targets, the mandatory access control mechanism shall also be included. When performing rule set check, it shall <...