www.ChineseStandard.us -- Field Test Asia Pte. Ltd.

GB/T 25068.1-2020 English PDF (GB/T25068.1-2020)

Regular price $695.00
GB/T 25068.1-2020: Information technology. Security techniques. Network security - Part 1: Overview and concepts

GB/T 25068.1-2020
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
GB/T 25068.1-2020 / ISO/IEC 27033-1:2015
Replacing GB/T 25068.1-2012
Information technology - Security techniques - Network
security - Part 1: Overview and concepts
(ISO/IEC 27033-1:2015, IDT)
ISSUED ON: NOVEMBER 19, 2020
IMPLEMENTED ON: JUNE 01, 2021
Issued by: State Administration for Market Regulation;
Standardization Administration of the People's Republic of China.
Table of Contents
Foreword ... 4
Introduction ... 7
1 Scope ... 10
2 Normative references ... 10
3 Terms and definitions ... 11
4 Symbols and abbreviated terms ... 16
5 Structure ... 19
6 Overview ... 21
6.1 Background ... 21
6.2 Network security planning and management ... 23
7 Identifying risks and preparing to identify security controls ... 26
7.1 Introduction ... 26
7.2 Information on current and/or planned networking ... 26
7.2.1 Security requirements in corporate information security policy ... 26
7.2.2 Information on current/planned networking ... 27
7.3 Information security risks and potential control areas ... 32
8 Supporting controls ... 36
8.1 Introduction ... 36
8.2 Management of network security ... 36
8.2.1 Background ... 36
8.2.2 Network security management activities ... 36
8.2.3 Network security roles and responsibilities ... 40
8.2.4 Network monitoring ... 41
8.2.5 Evaluating network security ... 41
8.3 Technical vulnerability management ... 41
8.4 Identification and authentication ... 42
8.5 Network audit logging and monitoring ... 43
8.6 Intrusion detection and prevention ... 45
8.7 Protection against malicious code ... 46
8.8 Cryptographic based services ... 47
8.9 Business continuity management ... 48
9 Guidelines for the design and implementation of network security ... 49
9.1 Background ... 49
9.2 Network technical security architecture/design ... 50
10 Reference network scenarios - Risks, design, techniques and control issues ... 53
10.1 Introduction ... 53
10.2 Internet access services for employees ... 53
10.3 Enhanced collaboration services ... 53
10.4 Business to business services ... 54
10.5 Business to customer services ... 54
10.6 Outsourced services ... 55
10.7 Network segmentation ... 55
10.8 Mobile communication ... 56
10.9 Networking support for travelling users ... 56
10.10 Networking support for home and small business office ... 56
11 "Technology" topics - Risks, design techniques and control issues ... 57
12 Develop and test security solution ... 57
13 Operate security solution ... 58
14 Monitor and review solution implementation ... 59
Annex A (informative) Cross-references between ISO/IEC 27001/27002 network security related controls and ISO/IEC 27033-1 clauses/subclauses ... 60
Table A.1 -- By ISO/IEC 27001, ISO/IEC 27002 subclauses ... 60
Table A.2 -- By this Part subclauses ... 62
Annex B (informative) Example template for a SecOPs document ... 64
Bibliography ... 70
Foreword
GB/T 25068-2020 "Information technology - Security techniques - Network security"
is currently divided into the following 5 parts:
- Part 1: Overview and concepts;
- Part 2: Guidelines for the design and implementation of network security;
- Part 3: Securing communications between networks using security gateways;
- Part 4: Securing remote access;
- Part 5: Securing communications across networks using virtual private networks.
This is Part 1 of GB/T 25068.
This Part was drafted in accordance with the rules given in GB/T 1.1-2009.
This Part replaces GB/T 25068.1-2012 "Information technology. Security techniques. Network security -- Part 1: Overview and concepts". Compared with GB/T 25068.1-2012, the main technical changes in this Part are as follows:
- Add the contents such as "Supporting controls", "Reference network scenarios - Risks, design, techniques and control issues" and "Develop and test security solution". Delete contents such as "Target" and "Crypto-based services in public infrastructure" (see Chapter 8, Chapter 10, Chapter 12 of this Edition; Chapter 2, Chapter 13 of Edition 2012);
- Delete the dated references to GB/T 22081-2008, GB/T 25068.2-2012, and GB/T 25068.3-2010. Add the undated references to ISO/IEC 27000, ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27005 (see Chapter 2 of this Edition; Chapter 2 of Edition 2012);
- Delete the terms and definitions such as "security dimension" and "spam". Add the terms and definitions such as "architecture" and "information security policy" (see Chapter 3 of this Edition; Chapter 3 of Edition 2012);
- Delete the abbreviations such as "Telnet" and "TETRA". Add the abbreviations such as "BPL", "CA" and "DPNSS" (see Chapter 4 of this Edition; Chapter 4 of Edition 2012);
Remote users can be connected through VPN technology, and they may further use wireless connection facilities like public WLAN hotspots for accessing the Internet. Alternatively, remote users can use the telephone network for establishing direct dial-up connections to a Remote Access Server, which is often located within the DMZ environment of the Internet Firewall.

When an organization decides to use VoIP technologies to implement its internal telephone network, appropriate security gateways to the phone network are typically present as well.

Business opportunities afforded by new network environments should be balanced against the risks posed by the newer technologies. For example, the Internet has a number of technical features which can cause concerns from a security point of view, as it was originally designed with resilience rather than security as a priority, and many of the underlying protocols in common use are not naturally secure. There are a large number of people in the global environment who have the capacity, knowledge and inclination to access the underlying mechanisms and protocols and create security incidents, ranging from unauthorized access to full-scale destructive denial of service.
6.2 Network security planning and management
When considering network connections, all those persons in the organization who have responsibilities associated with the connections should be clear about the business requirements and benefits, the related security risks, and the related technical security architectural aspects/design techniques and security control areas. The business requirements and benefits will influence many decisions and actions taken in the process of considering network connections, identifying technical security architectural aspects/design techniques and potential security control areas, and then eventually selecting, designing, implementing and maintaining secure networks.
The overall process for achieving and maintaining required network security can be summarized as follows:
a) determine scope/context and then assess security risks:
  - gather information on the current and/or planned network environment:
    - review the corporate information security policy for statements on network related risks that will always be considered as high, and on network security controls that will need to be implemented regardless of the assessed risks.
    - (Note that this policy should also contain the organization's position on (1) regulatory and legislative security requirements relating to network connections as defined by the relevant regulatory or legislative bodies (including national government agencies), and