GB/T 25068.3-2022: Information technology - Security techniques - Network security - Part 3: Threats, design techniques and control for network access scenarios
Status: Valid
Basic data
Standard ID: GB/T 25068.3-2022 (GB/T25068.3-2022)
Description (Translated English): Information technology - Security techniques - Network security - Part 3: Threats, design techniques and control for network access scenarios
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.030
Word Count Estimation: 35,389
Date of Issue: 2022-10-12
Date of Implementation: 2023-05-01
Older Standard (superseded by this standard): GB/T 25068.4-2010
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

This is a DRAFT version for illustration, not a final translation.
Information technology - Security techniques - Network security - Part 3: Threats, design techniques and control for network access scenarios
ICS 35.030
CCS L80
National Standard of the People's Republic of China
Replaces GB/T 25068.4-2010
Issued 2022-10-12; implemented 2023-05-01
Issued by the State Administration for Market Regulation and the National Standardization Management Committee

Table of contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Document structure
6 Overview
7 Internet access services for employees
7.1 Background
7.2 Security threats
7.3 Security design techniques and controls
8 Business-to-business services
8.1 Background
8.2 Security threats
8.3 Security design techniques and controls
9 Business-to-customer services
9.1 Background
9.2 Security threats
9.3 Security design techniques and controls
10 Enhanced collaboration services
10.1 Background
10.2 Security threats
10.3 Security design techniques and controls
11 Network segmentation
11.1 Background
11.2 Security threats
11.3 Security design techniques and controls
12 Networking support for home offices and small business offices
12.1 Background
12.2 Security threats
12.3 Security design techniques and controls
13 Mobile communications
13.1 Background
13.2 Security threats
13.3 Security design techniques and controls
14 Providing network support for mobile users
14.1 Background
14.2 Security threats
14.3 Security design techniques and controls
15 Outsourcing services
15.1 Background
15.2 Security threats
15.3 Security design techniques and controls
Appendix A (Informative) Threat catalog
Appendix B (Informative) Example Internet use policy
References
Table 1 Resource access framework in network access scenarios
Table 2 Network security technology example
Table 3 Security control measures in the employee Internet access service scenario
Table 4 Security control measures in business-to-business service scenarios
Table 5 Security control measures in business-to-customer service scenarios
Table 6 Security control measures in the enhanced collaboration service scenario
Table 7 Security control measures in the network segmentation scenario
Table 8 Network security controls for home and small business office scenarios
Table 9 Security control measures in mobile communication scenarios
Table 10 Security control measures in the scenario of providing network support for mobile users
Table 11 Security control measures in outsourcing service scenarios

Foreword

This document is drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work - Part 1: Structure and Drafting Rules for Standardization Documents".

This document is Part 3 of GB/T 25068 "Information technology - Security techniques - Network security". The following parts of GB/T 25068 have been issued:
--- Part 1: Overview and concepts;
--- Part 2: Network security design and implementation guidelines;
--- Part 3: Threats, design techniques and controls for network access scenarios;
--- Part 4: Inter-network communication security protection using security gateways;
--- Part 5: Cross-network communication security protection using a virtual private network.

This document replaces GB/T 25068.4-2010 "Information technology - Security techniques - IT network security - Part 4: Remote access security protection". Compared with GB/T 25068.4-2010, apart from structural adjustments and editorial changes, the main technical changes are as follows:
--- The main content of this document is changed from the security protection of remote access to threats, design techniques and controls for network access scenarios;
--- This document resummarizes and revises each technical application scenario in the original series of standards;
--- Deleted terms and definitions such as "access point", "Advanced Encryption Standard" and "callback", and added terms and definitions such as "malware", "opacity" and "outsourcing" (see Chapter 3; Chapter 3 of the 2010 edition);
--- Added content such as "Internet access services for employees", "Business-to-business services", "Business-to-customer services", "Enhanced collaboration services", "Network segmentation" and "Networking support for home offices and small business offices", and deleted content such as "Remote access connection types", "Remote access connection technology" and "Selection and configuration guide" (see Chapters 7 to 15; Chapters 6 to 8 of the 2010 edition);
--- Added "Threat catalog" and "Example Internet use policy", and deleted "Remote access security policy example", "RADIUS implementation and deployment best practices", "Two modes of FTP", "Secure mail services checklist", "Secure Web services checklist" and "Wireless LAN security checklist" (see Appendix A and Appendix B; Appendix A to Appendix F of the 2010 edition).

This document is a modified adoption of ISO/IEC 27033-3:2010 "Information technology - Security techniques - Network security - Part 3: Reference networking scenarios - Threats, design techniques and control issues".

Compared with ISO/IEC 27033-3:2010, this document makes the following structural adjustment:
--- Appendix A is changed to Appendix B, and Appendix B to Appendix A.

The technical differences between this document and ISO/IEC 27033-3:2010, and the reasons for them, are as follows:
--- ISO/IEC 27000 is replaced with the normatively referenced GB/T 29246 (see Chapter 3 and Chapter 6), and ISO/IEC 27033-1 is replaced with GB/T 25068.1 (see Chapter 3), to suit the technical conditions of China;
--- The network segmentation guidance for government organizations such as federal countries or the European Union is changed to network segmentation guidance for multinational organizations in China, and is presented in the form of "notes" (see 11.1).

The following editorial changes have been made to this document:
--- Some expressions applicable to international standards are changed to expressions applicable to Chinese standards;
--- Footnotes are added to Table 1;
--- The use requirements for blogs in Appendix A of the international standard are expanded to use requirements for all social platforms;
--- The hanging paragraph in A.4.3 in Appendix A of the international standard is changed to the numbered clause B.4.3.1 in Appendix B;
--- The definition A.6 in Appendix A of the international standard is deleted;
--- "References" is added.

Please note that some contents of this document may involve patents. The issuing agency of this document assumes no responsibility for identifying patents.

This document was proposed by and is under the jurisdiction of the National Information Security Standardization Technical Committee (SAC/TC260).

Drafting organizations of this document: Heilongjiang Cyberspace Research Center, China Electronics Standardization Research Institute, Antiy Technology Group Co., Ltd., Heilongjiang Anxin Yucheng Technology Development Co., Ltd., Shanghai Industrial Control Safety Innovation Technology Co., Ltd., Harbin University of Science and Technology, Harbin Institute of Technology.

The main drafters of this document:
Qu Jiaxing, Fang Zhou, Yu Haining, Gu Juntao, Xiao Hongjiang, Li Linlin, Song Xue, Li Rui, Yang Xiaoxuan, Bai Rui, Ma Yao, Wang Dameng, Hu Dayong, Shubin, Wu Qiong, Shangguan Xiaoli, Cai Yiming, Du Yufang, Zhao Chao, Wu Jiaxing, Cao Wei, Lu Ziyuan, Ma Chao, Meng Qingchuan, Shan Jianzhong, Han Jianyong, Liu Mingge, Huang Hai, Fang Wei, Tong Songhua, Liu Ying, Sun Teng, Ni Hua.

The release status of previous versions of this document and the documents it replaces is as follows:
--- First published as GB/T 25068.4-2010 in 2010;

Introduction

The purpose of GB/T 25068 is to provide detailed guidance on the security aspects of the management, operation, use and interconnection of information system networks. This guidance is intended to help those responsible for information security, especially network security, within an organization to adopt this document to meet their specific needs. GB/T 25068 is planned to consist of six parts.
--- Part 1: Overview and concepts. The purpose is to present concepts related to network security and provide management guidance.
--- Part 2: Network security design and implementation guidelines. The purpose is to provide guidance on how organizations plan, design and implement high-quality network security systems, so that network security suits the corresponding business environment.
--- Part 3: Threats, design techniques and controls for network access scenarios. The purpose is to enumerate the specific risks, design techniques and controls associated with network access scenarios; it applies to all personnel involved in planning, designing and implementing the architectural aspects of network security.
--- Part 4: Inter-network communication security protection using a security gateway. The purpose is to ensure the security of inter-network communication that uses a security gateway.
--- Part 5: Cross-network communication security protection using a virtual private network.
The purpose is to define the specific risks, design techniques and control elements associated with using virtual private networks to establish secure connections.
--- Part 6: Wireless network access security. The purpose is to provide guidance on the technical controls necessary for selecting, implementing and monitoring the use of wireless networks to provide secure communications; it is used in Part 2 for reviewing and selecting technical security architecture or design options that involve the use of wireless networks.

GB/T 25068 builds on GB/T 22081 "Information technology - Security techniques - Code of practice for information security controls" and further provides detailed implementation guidance for network security controls. GB/T 25068 only emphasizes the importance of business type and other factors that affect network security, without describing them specifically.

Where this document involves the use of cryptography to meet requirements for confidentiality, integrity, authenticity and non-repudiation, the relevant national and industry standards for cryptography shall be followed.

Information technology - Security techniques - Network security - Part 3: Threats, design techniques and controls for network access scenarios

1 Scope

This document describes the threats, design techniques and control issues associated with network access scenarios. For each network access scenario it provides detailed guidance on three elements: security threats, security design techniques, and controls that can reduce the associated risks.

This document applies to reviewing technical security architecture and design in accordance with GB/T 25068.2, and to selecting and recording the preferred options for technical security architecture, design and associated controls.
The characteristics of the network environment being reviewed determine which specific information is selected (including information selected from GB/T 25068.4, GB/T 25068.5 and ISO/IEC 27033-6); that is, the selection of specific information is related to the specific network access scenario and the "technical" topic.

2 Normative references

The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest version (including all amendments) applies to this document.

GB/T 29246 Information technology - Security techniques - Information security management systems - Overview and vocabulary (GB/T 29246-2017, ISO/IEC 27000:2016, IDT)
GB/T 25068.1 Information technology - Security techniques - Network security - Part 1: Overview and concepts (GB/T 25068.1-2020, ISO/IEC 27033-1:2015, IDT)

3 Terms and definitions

The terms and definitions defined in GB/T 29246 and GB/T 25068.1, and the following, apply to this document.

3.1 Malware
Software designed with malicious intent that contains features or capabilities that may, directly or indirectly, cause harm to the user or the user's computer system.
[Source: ISO/IEC 27032:2012, 4.35]

3.2 Opacity
Protection given to information that may be obtained by monitoring network activity (such as obtaining the address of an endpoint in a VoIP call over the Internet).
Note: Opacity also protects the related behavior of obtaining information.

......