From Firewall Security Requirements Guide Requirements
Part of SRG-NET-000364-FW-000036
Associated with: CCI-002403
Protect the management network with a filtering firewall configured to block unauthorized traffic. This requirement is similar to the OOBM model, when the production network is managed in-band. The management network could also be housed at an NOC that is located locally or remotely at a single or multiple interconnected sites.
Inspect the architecture diagrams. Inspect the NOC and the managed network. Note that the IPsec tunnel endpoints may be configured on the premise or gateway router, the VPN gateway firewall, or a VPN concentrator. Verify that all traffic between the managed network and management network and vice-versa is secured via IPsec encapsulation. If the firewall does not restrict traffic entering the VPN tunnels to the management network to only the authorized management packets based on destination address, this is a finding.
Where IPsec technology is deployed to connect the managed network to the NOC, restrict the traffic entering the tunnels so that only the authorized management packets with authorized destination addresses are permitted.
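The check above can be automated against an exported rule set. The following is an added example, not part of the SRG: it audits an ordered, first-match list of rules applied to traffic entering the tunnel and reports any permit whose destination reaches beyond the authorized management addresses. The rule format, the function names and the sample prefixes are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumption): management destinations at the NOC.
AUTHORIZED_MGMT = ["10.255.0.0/28"]

# Constructed, vendor-neutral rules for traffic entering the IPsec tunnel,
# evaluated top-down with first match winning: (action, destination prefix).
RULES_WEAK = [("permit", "10.255.0.0/28"), ("permit", "0.0.0.0/0")]
RULES_OK = [("permit", "10.255.0.4/32"), ("permit", "10.255.0.8/30"),
            ("deny", "0.0.0.0/0")]


def covers(outer, inner):
    """True when prefix `outer` contains every address in prefix `inner`."""
    return outer.version == inner.version and inner.subnet_of(outer)


def audit_tunnel_rules(rules, authorized, default_action="deny"):
    """Return finding strings for the rule list; an empty list means none.

    default_action is what the device does when no rule matches (assumed
    to be an implicit deny unless the caller says otherwise).
    """
    allowed = [ipaddress.ip_network(p) for p in authorized]
    seen, findings = [], []
    for idx, (action, dst) in enumerate(rules, start=1):
        net = ipaddress.ip_network(dst)
        # A rule fully covered by one earlier rule can never match. Partial
        # overlap is not resolved, so the audit errs toward reporting.
        if any(covers(prev, net) for prev in seen):
            continue
        seen.append(net)
        if action == "permit" and not any(covers(a, net) for a in allowed):
            findings.append(f"rule {idx}: permit to {net} exceeds "
                            "authorized management destinations")
    # Without a catch-all rule (IPv4 here), unmatched traffic takes the default.
    if default_action == "permit" and not any(n.prefixlen == 0 for n in seen):
        findings.append("no explicit deny-all and default action is permit")
    return findings


if __name__ == "__main__":
    for name, rules in (("weak", RULES_WEAK), ("ok", RULES_OK)):
        print(name, audit_tunnel_rules(rules, AUTHORIZED_MGMT) or "no finding")
```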