GB/T 25068.3-2022: Information technology - Security techniques - Network security - Part 3: Threats, design techniques and control for network access scenarios

Status: Valid

GB/T 25068.3: Evolution and historical versions

| Standard ID | Contents [version] | USD | [PDF] delivered in | Standard Title (Description) | Status |
| --- | --- | --- | --- | --- | --- |
| GB/T 25068.3-2022 | English | 739 | 6 days [Need to translate] | Information technology - Security techniques - Network security - Part 3: Threats, design techniques and control for network access scenarios | Valid |
| GB/T 25068.3-2010 | English | 874 | 4 days [Need to translate] | Information technology -- Security techniques -- IT network security -- Part 3: Securing communications between networks using security gateways | Obsolete |
Basic data

| Standard ID | GB/T 25068.3-2022 (GB/T25068.3-2022) |
| --- | --- |
| Description (Translated English) | Information technology - Security techniques - Network security - Part 3: Threats, design techniques and control for network access scenarios |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.030 |
| Word Count Estimation | 35,389 |
| Date of Issue | 2022-10-12 |
| Date of Implementation | 2023-05-01 |
| Older Standard (superseded by this standard) | GB/T 25068.4-2010 |
| Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
This is a DRAFT version for illustration, not a final translation.

Information technology - Security techniques - Network security - Part 3: Threats, design techniques and control for network access scenarios
ICS 35.030
CCS L80
National Standard of the People's Republic of China
Replaces GB/T 25068.4-2010
Information technology - Security techniques - Network security - Part 3: Threats, design techniques and controls for network access scenarios
Issued 2022-10-12; implemented 2023-05-01
Released by the State Administration for Market Regulation and the National Standardization Management Committee
Table of contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 Document structure
6 Overview
7 Internet access services for employees
7.1 Background
7.2 Security threats
7.3 Security Design Technology and Control Measures
8 Business-to-business services
8.1 Background
8.2 Security threats
8.3 Security Design Technology and Control Measures
9 Business-to-customer services
9.1 Background
9.2 Security Threats
9.3 Security Design Techniques and Control Measures
10 Enhanced Collaboration Services
10.1 Background
10.2 Security Threats
10.3 Security Design Techniques and Control Measures
11 Network Segmentation
11.1 Background
11.2 Security Threats
11.3 Security Design Techniques and Control Measures
12 Networking Support for Home Offices and Small Business Offices
12.1 Background
12.2 Security Threats
12.3 Security Design Techniques and Control Measures
13 Mobile Communications
13.1 Background
13.2 Security Threats
13.3 Security Design Techniques and Controls
14 Providing Network Support for Mobile Users
14.1 Background
14.2 Security Threats
14.3 Security Design Techniques and Controls
15 Outsourcing Services
15.1 Background
15.2 Security Threats
15.3 Security design techniques and controls
Appendix A (Informative) Threat Catalog
Appendix B (Informative) Example Internet Use Policy
References
Table 1 Resource access framework in network access scenarios
Table 2 Network Security Technology Example
Table 3 Security control measures in the scenario of employee Internet access service
Table 4 Security control measures in business-to-business service scenarios
Table 5 Security control measures in business-to-customer service scenarios
Table 6 Security control measures in the enhanced collaboration service scenario
Table 7 Security Control Measures in Network Segmentation Scenario
Table 8 Network Security Controls for Home and Small Business Office Scenarios
Table 9 Security control measures in mobile communication scenarios
Table 10 Security control measures in the scenario of providing mobile users with network support
Table 11 Security control measures in outsourcing service scenarios
Foreword
This document is drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules for Standardization Documents".
This document is Part 3 of GB/T 25068 "Information Technology Security Technology Network Security". The following parts of GB/T 25068 have been issued:
--- Part 1: Overview and concepts;
--- Part 2: Network Security Design and Implementation Guidelines;
--- Part 3: Threats, design techniques and controls for network access scenarios;
--- Part 4: Inter-network communication security protection using security gateways;
--- Part 5: Cross-network communication security protection using a virtual private network.
This document replaces GB/T 25068.4-2010 "Information Technology Security Technology IT Network Security Part 4: Remote Access Security Protection". Compared with GB/T 25068.4-2010, apart from structural adjustments and editorial changes, the main technical changes are as follows:
--- The main content of this document has changed from the security protection of remote access to threats, design techniques and controls for network access scenarios;
--- This document re-summarizes and revises each technical application scenario in the original series of standards;
--- Deleted terms and definitions such as "access point", "Advanced Encryption Standard" and "callback", and added terms and definitions such as "malware", "opacity" and "outsourcing" (see Chapter 3; Chapter 3 of the 2010 edition);
--- Added "Employee Internet Access Services", "Business-to-Business Services", "Business-to-Customer Services", "Enhanced Collaboration Services", "Network Segmentation", "Providing Network Support for Home Offices and Small Business Offices" and other content, and deleted "Remote Access Connection Types", "Remote Access Connection Technology", "Selection and Configuration Guide" and other content (see Chapters 7~15; Chapters 6~8 of the 2010 edition);
--- Added "Threat Catalog" and "Internet Usage Policy Example", and deleted "Remote Access Security Policy Example", "RADIUS Implementation and Deployment Best Practices", "Two Modes of FTP", "Secure Mail Services Checklist", "Secure Web Services Checklist" and "Wireless LAN Security Checklist" (see Appendix A and Appendix B; Appendix A~Appendix F of the 2010 edition).
This document is a modified adoption of ISO/IEC 27033-3:2010 "Information Security Security Technology Network Security Part 3: Reference Network Scenarios - Threats, Design Techniques, and Controls".
Compared with ISO/IEC 27033-3:2010, this document has made the following structural adjustments:
--- Appendix A is changed to Appendix B, and Appendix B to Appendix A.
The technical differences between this document and ISO/IEC 27033-3:2010, and their reasons, are as follows:
--- ISO/IEC 27000 is replaced with the normatively referenced GB/T 29246 (see Chapter 3 and Chapter 6), and ISO/IEC 27033-1 is replaced with GB/T 25068.1 (see Chapter 3), to adapt to the technical conditions of China;
--- The network segmentation guidance for government organizations such as those of federal countries or the European Union is changed to network segmentation guidance for multinational organizations in China, and is presented in the form of a note (see 11.1).
The following editorial changes have been made to this document:
--- Changed some expressions applicable to international standards to expressions applicable to Chinese standards;
--- Added footnotes in Table 1;
--- Expanded the use requirements for blogs in Appendix A of the international standard to use requirements for all social platforms;
--- Changed the hanging paragraph in A.4.3 in Appendix A of the international standard to the numbered clause B.4.3.1 in Appendix B;
--- Deleted the definition A.6 in Appendix A of the international standard;
--- Added "References".
Please note that some contents of this document may involve patents. The issuing agency of this document assumes no responsibility for identifying patents.
This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
This document was drafted by: Heilongjiang Cyberspace Research Center, China Electronics Standardization Research Institute, Antiy Technology Group Co., Ltd., Heilongjiang Anxin Yucheng Technology Development Co., Ltd., Shanghai Industrial Control Safety Innovation Technology Co., Ltd., Harbin University of Science and Technology, Harbin Institute of Technology.
The main drafters of this document: Qu Jiaxing, Fang Zhou, Yu Haining, Gu Juntao, Xiao Hongjiang, Li Linlin, Song Xue, Li Rui, Yang Xiaoxuan, Bai Rui, Ma Yao, Wang Dameng, Hu Dayong, Shubin, Wu Qiong, Shangguan Xiaoli, Cai Yiming, Du Yufang, Zhao Chao, Wu Jiaxing, Cao Wei, Lu Ziyuan, Ma Chao, Meng Qingchuan, Shan Jianzhong, Han Jianyong, Liu Mingge, Huang Hai, Fang Wei, Tong Songhua, Liu Ying, Sun Teng, Ni Hua.
The release status of previous versions of this document and of the documents it replaces is as follows:
--- First published as GB/T 25068.4-2010 in 2010;
Introduction
The purpose of GB/T 25068 is to provide detailed guidance on security aspects for the management, operation, use and interconnection of information system networks. This guidance is intended to help those within an organization who are responsible for information security, especially network security, adopt this document to meet their specific needs. GB/T 25068 is intended to consist of six parts:
--- Part 1: Overview and concepts. The purpose is to present concepts related to cybersecurity and provide management guidance.
--- Part 2: Network Security Design and Implementation Guidelines. The purpose is to provide guidance on how organizations plan, design, and implement a high-quality network security system so that network security suits the corresponding business environment.
--- Part 3: Threats, design techniques and controls for network access scenarios. The purpose is to enumerate the specific risks, design techniques, and controls associated with network access scenarios. This document applies to all those involved in the planning, design, and implementation of cybersecurity architectural aspects.
--- Part 4: Inter-network communication security protection using a security gateway. The purpose is to ensure the security of inter-network communication using the security gateway.
--- Part 5: Cross-network communication security protection using a virtual private network. The purpose is to define the specific risks, design techniques and control elements associated with using virtual private networks to establish secure connections.
--- Part 6: Wireless network access security. The purpose is to provide guidance on the selection, implementation and monitoring of the technical controls necessary to provide secure communications using wireless networks, and to be used in Part 2 for the review and selection of technical security architecture or design options involving the use of wireless networks.
GB/T 25068 builds on GB/T 22081 "Information Technology Security Technical Information Security Control Practice Guidelines" and provides further detailed implementation guidance for network security controls. GB/T 25068 only emphasizes the importance of business types and other factors affecting network security, without specifying them.
Where this document involves the use of cryptography to meet requirements for confidentiality, integrity, authenticity, and non-repudiation, it shall follow the relevant national and industry standards for cryptography.
1 Scope
This document describes the threats, design techniques, and control issues associated with network access scenarios, and provides, for each network access scenario, detailed guidance on three elements: security threats, security design techniques, and controls that can reduce the associated risks.
This document is applicable to reviewing the structure and design of the technical security system in accordance with GB/T 25068.2, and to selecting and recording the preferred options for technical security architecture, design, and associated controls. The characteristics of the network environment under review determine which specific information is selected (including information selected from GB/T 25068.4, GB/T 25068.5 and ISO/IEC 27033-6); that is, the selection of specific information is related to the specific network access scenario and the "technical" topic.
2 Normative references
The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to the date applies to this document; for undated references, the latest version (including all amendments) applies to this document.
GB/T 29246 Information Technology Security Technology Information Security Management System Overview and Vocabulary (GB/T 29246-2017, ISO/IEC 27000:2016, IDT)
GB/T 25068.1 Information Technology Security Technology Network Security Part 1: Overview and Concepts (GB/T 25068.1-2020, ISO/IEC 27033-1:2015, IDT)
3 Terms and Definitions
The terms and definitions defined in GB/T 29246 and GB/T 25068.1, and the following, apply to this document.
3.1
malware
A category of maliciously designed software that contains features or functions that may, directly or indirectly, cause potential harm to the user or the user's computer system.
[Source: ISO/IEC 27032:2012, 4.35]
3.2
opacity
Protection of information that may be obtained by monitoring network activity (such as obtaining the address of an endpoint in a VoIP call over the Internet).
Note: Opacity also protects the related behavior of obtaining information.