Each organization maintains what is commonly referred to as a DMZ between corporate
resources (networks, Intranets, and applications), and the Internet. The DMZ serves as
the first in multiple levels of the defense-in-depth protection of IT resources.
Components and evaluation considerations for an organization's perimeter are itemized below and should be tied closely to the incident response policy/procedures:
· Analysis and determination of data sensitivity and its relation to the required encryption level
· Threat vectors (who, where and how intruders can attack, both internally and externally), and the mitigation strategies deployed
· Internally accessible and public-access boxes situated properly, with limited, secured paths between them
· Failover, load balancing, and backup and recovery procedures outlined, tested and maintained
· Qualification and currency of training for telecommunications, network administrators, WebFarm and ISSS personnel
· Physical considerations, access (including log retention and auditing requirements), location and signage addressed
· Firewalls, gateways, routers and switches properly configured, logs analyzed, and follow-up activities performed on an appropriate recurring basis
· Analysis of both inbound and outbound traffic
· Protocol allowances checked and hardened
· Dial-up connection restrictions and auditing
· Quarantine and recovery procedures and strategy reviewed, tested, and lessons learned utilized
· IDS policy and procedures (including log retention, auditing requirements, follow-up activities and hardening activities)
· Procedures in place to ensure risk assessments are performed before modifications are implemented
· Infrastructure diagrams and documentation maintained and accessible by those with need-to-know, but adequately protected from outside access
© SANS Institute 2002, Author retains full rights.
· Virus, spoof and worm identification, inoculation and eradication strategy
· Independent auditing strategy, including a rigorous attack plan and social engineering strategies, tested
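Several of the items above (firewall logs analyzed on a recurring basis, inbound and outbound traffic analyzed, protocol allowances checked) reduce in practice to comparing what the perimeter actually passed against the protocol allowances the organization declared. The script below is an added illustration, not part of the paper: it assumes a hypothetical DMZ range (192.0.2.0/24), a hypothetical internal range (10.0.0.0/8), a constructed key=value firewall log format, and a small allow list, and reports accepted flows that fall outside the allow list (in both directions) plus sources that were repeatedly blocked.

```python
import ipaddress
import re
from collections import Counter

# Constructed address ranges for the example (assumptions, not from the paper)
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Declared protocol allowances: an accepted flow outside these sets is a finding
ALLOWED_INBOUND = {("tcp", 80), ("tcp", 443)}      # Internet -> DMZ web tier
ALLOWED_DMZ_TO_INTERNAL = {("tcp", 1433)}           # DMZ web tier -> internal database only
DROP_THRESHOLD = 3                                  # repeated blocked attempts from one source

# Constructed log format (hypothetical); real firewalls differ, adjust the regex per product
LOG_RE = re.compile(
    r"action=(?P<action>ACCEPT|DROP) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)


def parse_line(line):
    """Parse one firewall log line into a dict, or None if it does not match the format."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["src"] = ipaddress.ip_address(rec["src"])
    rec["dst"] = ipaddress.ip_address(rec["dst"])
    rec["dport"] = int(rec["dport"])
    rec["proto"] = rec["proto"].lower()
    return rec


def direction(rec):
    """Classify a flow by the zones of its endpoints."""
    src_dmz, dst_dmz = rec["src"] in DMZ_NET, rec["dst"] in DMZ_NET
    src_int, dst_int = rec["src"] in INTERNAL_NET, rec["dst"] in INTERNAL_NET
    if dst_dmz and not (src_dmz or src_int):
        return "inbound"            # Internet -> DMZ
    if src_dmz and dst_int:
        return "dmz_to_internal"    # the path that must stay narrow
    if src_dmz and not (dst_dmz or dst_int):
        return "outbound"           # DMZ -> Internet
    return "other"


def analyze(lines):
    """Return findings: accepted flows outside the allow lists, then repeatedly blocked sources."""
    findings = []
    drops = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                # unparseable lines are skipped, not treated as clean
        if rec["action"] == "DROP":
            drops[str(rec["src"])] += 1
            continue
        key = (rec["proto"], rec["dport"])
        d = direction(rec)
        if d == "inbound" and key not in ALLOWED_INBOUND:
            findings.append({"reason": "inbound service not on allow list", "line": line})
        elif d == "dmz_to_internal" and key not in ALLOWED_DMZ_TO_INTERNAL:
            findings.append({"reason": "DMZ host reaching internal network on unapproved service",
                             "line": line})
    for src, n in drops.items():
        if n >= DROP_THRESHOLD:
            findings.append({"reason": f"{n} blocked attempts from {src}", "line": None})
    return findings


# Constructed sample log lines (not real traffic)
SAMPLE_LOG = [
    "action=ACCEPT proto=tcp src=198.51.100.7 dst=192.0.2.10 dport=443",   # allowed inbound
    "action=ACCEPT proto=tcp src=198.51.100.7 dst=192.0.2.10 dport=23",    # telnet reached the DMZ
    "action=ACCEPT proto=tcp src=192.0.2.10 dst=10.1.1.5 dport=1433",      # approved DB path
    "action=ACCEPT proto=tcp src=192.0.2.10 dst=10.1.1.5 dport=445",       # DMZ -> internal SMB
    "action=DROP proto=tcp src=203.0.113.9 dst=192.0.2.10 dport=22",
    "action=DROP proto=tcp src=203.0.113.9 dst=192.0.2.10 dport=22",
    "action=DROP proto=tcp src=203.0.113.9 dst=192.0.2.10 dport=22",
    "action=ACCEPT proto=udp src=192.0.2.10 dst=198.51.100.53 dport=53",   # outbound DNS, not flagged
    "malformed line that the parser must skip",
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f["reason"], "|", f["line"])
```

The two accepted flows that violate the allow lists are the ones the "protocol allowances checked and hardened" item is meant to catch before an incident; the repeated-drop count is the kind of signal the IDS and firewall follow-up items expect to be reviewed on a recurring basis. Running this against real exports only requires replacing the constructed regex and the address ranges.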