An Introduction To
Objective: To prevent unauthorised access to networked services
Access to both internal and external networked services should be controlled.
Policy on use of network services
Users should only be provided with direct access to the services that they have been specifically authorised to use.
User authentication for external connections
Connections by remote users via public (or non-organisational) networks should be authenticated.
Equipment identification in networks
Automatic terminal identification should be considered to authenticate connections to specific locations and to portable equipment if appropriate and available.
Remote diagnostic and configuration port protection
Access to diagnostic and configuration ports should be securely controlled.
Segregation in networks
Large networks may require to be divided into separate domains.
Network connection control
The connection capability of users may need to be controlled to support the access control policy requirements of certain business applications.
Network routing control
Shared networks may require network routing controls.
The Security Practitioner
An Introduction to Information Security