GB/T 25068.1-2020 PDF English
Standard ID | Contents [version] | Name of Chinese Standard | Status |
GB/T 25068.1-2020 | English | Information technology. Security techniques. Network security - Part 1: Overview and concepts | Valid |
GB/T 25068.1-2012 | English | Information technology -- Security techniques -- IT network security -- Part 1: Network security management | Obsolete |
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
GB/T 25068.1-2020 / ISO/IEC 27033-1:2015
Replacing GB/T 25068.1-2012
Information technology - Security techniques - Network
security - Part 1: Overview and concepts
(ISO/IEC 27033-1:2015, IDT)
Issued on: NOVEMBER 19, 2020
Implemented on: JUNE 01, 2021
Issued by: State Administration for Market Regulation;
Standardization Administration of the People's Republic of China.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Structure
6 Overview
6.1 Background
6.2 Network security planning and management
7 Identifying risks and preparing to identify security controls
7.1 Introduction
7.2 Information on current and/or planned networking
7.2.1 Security requirements in corporate information security policy
7.2.2 Information on current/planned networking
7.3 Information security risks and potential control areas
8 Supporting controls
8.1 Introduction
8.2 Management of network security
8.2.1 Background
8.2.2 Network security management activities
8.2.3 Network security roles and responsibilities
8.2.4 Network monitoring
8.2.5 Evaluating network security
8.3 Technical vulnerability management
8.4 Identification and authentication
8.5 Network audit logging and monitoring
8.6 Intrusion detection and prevention
8.7 Protection against malicious code
8.8 Cryptographic based services
8.9 Business continuity management
9 Guidelines for the design and implementation of network security
9.1 Background
9.2 Network technical security architecture/design
10 Reference network scenarios - Risks, design, techniques and control issues
10.1 Introduction
10.2 Internet access services for employees
10.3 Enhanced collaboration services
10.4 Business to business services
10.5 Business to customer services
10.6 Outsourced services
10.7 Network segmentation
10.8 Mobile communication
10.9 Networking support for travelling users
10.10 Networking support for home and small business office
11 "Technology" topics - Risks, design techniques and control issues
12 Develop and test security solution
13 Operate security solution
14 Monitor and review solution implementation
Annex A (informative) Cross-references between ISO/IEC 27001/27002 network security related controls and ISO/IEC 27033-1 clauses/subclauses
Table A.1 -- By ISO/IEC 27001, ISO/IEC 27002 subclauses
Table A.2 -- By this Part subclauses
Annex B (informative) Example template for a SecOPs document
Bibliography
Foreword
GB/T 25068-2020 "Information technology - Security techniques - Network security"
is currently divided into the following 5 parts:
- Part 1: Overview and concepts;
- Part 2: Guidelines for the design and implementation of network security;
- Part 3: Securing communications between networks using security gateways;
- Part 4: Securing remote access;
- Part 5: Securing communications across networks using virtual private networks.
This is Part 1 of GB/T 25068.
This Part was drafted in accordance with the rules given in GB/T 1.1-2009.
This Part replaces GB/T 25068.1-2012 "Information technology. Security techniques.
Network security -- Part 1: Overview and concepts". Compared with GB/T 25068.1-2012,
the main technical changes in this Part are as follows:
- Add the contents such as "Supporting controls", "Reference network scenarios -
Risks, design, techniques and control issues" and "Develop and test security
solution". Delete contents such as "Target" and "Crypto-based services in public
infrastructure" (see Chapter 8, Chapter 10, Chapter 12 of this Edition; Chapter 2,
Chapter 13 of Edition 2012);
- Delete the dated references to GB/T 22081-2008, GB/T 25068.2-2012, and GB/T
25068.3-2010. Add the undated references to ISO/IEC 27000, ISO/IEC 27001,
ISO/IEC 27002, ISO/IEC 27005 (see Chapter 2 of this Edition; Chapter 2 of
Edition 2012);
- Delete the terms and definitions such as "security dimension" and "spam". Add the
terms and definitions such as “architecture” and “information security policy”
(see Chapter 3 of this Edition; Chapter 3 of Edition 2012);
- Delete the abbreviations such as "Telnet" and "TETRA". Add the abbreviations
such as "BPL", "CA" and "DPNSS" (see Chapter 4 of this Edition; Chapter 4 of
Edition 2012);
- Delete network connection types, identification of trust relationships, trust
relationship references, and potential vulnerability types. Add the conceptual
model of network security risk areas, network security risk assessment and
management process (see Chapter 5 ~ Chapter 8 of this Edition; Chapter 7,
Chapter 10 ~ Chapter 12 of Edition 2012);
- Add cross-references between the security control section in this Part and the
relevant provisions in ISO/IEC 27001 and ISO/IEC 27002 and the SecOPs
document sample template (see Annex A and Annex B of this Edition).
This Part uses the translation method to identically adopt ISO/IEC 27033-1:2015
"Information technology - Security techniques - Network security - Part 1: Overview
and concepts".
The Chinese documents that correspond to the international normative
references in this Part are as follows:
- GB/T 9387 (all parts), Information technology. Open Systems Interconnection.
Basic Reference Model [ISO/IEC 7498 (all parts)];
- GB/T 22080-2016, Information technology -- Security techniques -- Information
security management systems -- Requirements (ISO/IEC 27001:2013, IDT);
- GB/T 22081-2016, Information technology -- Security techniques -- Code of
practice for information security controls (ISO/IEC 27002:2013, IDT);
- GB/T 29246-2017, Information technology -- Security techniques -- Information
security management systems -- Overview and vocabulary (ISO/IEC 27000:2016,
IDT);
- GB/T 31722-2015, Information technology -- Security techniques -- Information
security risk management (ISO/IEC 27005:2008, IDT).
This Part made the following editorial modifications.
- In Chapter 2, add the international document ISO/IEC 27000 which is used as a
normative reference in the text.
This Part was proposed by and shall be under the jurisdiction of National Technical
Committee on Information Security of Standardization Administration of China
(SAC/TC 260).
The drafting organizations of this Part: Heilongjiang Provincial Cyberspace Research
Center, China Electronics Technology Standardization Institute, Beijing Antian
Network Security Technology Co., Ltd., Hangzhou Anheng Information Technology
Co., Ltd., Harbin University of Science and Technology, Xi'an Xidian Jietong Wireless
Network Communications Co., Ltd.
Main drafters of this Part: Fang Zhou, Qu Jiaxing, Ma Chao, Gu Juntao, Shubin, Liu
Jia, Li Rui, Song Xue, Ma Yao, Wang Dameng, Wu Qiong, Jiang Guochun, Feng Yana,
Zhang Hong, Si Dan, Zhang Chi, Yu Haining.
Version of standard substituted by this Part is:
- GB/T 25068.1-2012.
1 Scope
This part of GB/T 25068 provides an overview of network security and related
definitions. It defines and describes the concepts associated with, and provides
management guidance on, network security. (Network security applies to the security
of devices, security of management activities related to the devices,
2 Normative references
The following referenced documents are indispensable for the application of this
document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 7498 (all parts), Information technology - Open systems interconnection
Basic reference model. Naming and addressing
3 Terms and definitions
person deliberately exploiting vulnerabilities in technical and non-technical security
controls in order to steal or compromise information systems and networks, or to
compromise availability to legitimate users of information system and network
resources
variant on intrusion detection systems that are specifically designed to provide an active
response capability
4 Symbols and abbreviated terms
The following abbreviated terms are used in all parts of ISO/IEC 27033.
5 Structure
The structure of the ISO/IEC 27033 series of standards is shown in diagrammatic, or
"road map", form in Figure 2 below.
6 Overview
When an organization decides to use VoIP technologies to implement the internal
telephone network, then appropriate security gateways to the phone network are
typically present as well.
7 Identifying risks and preparing to identify security controls
The next step should be to gather and review information on the current and/or planned
network(s) - the architecture(s), applications, services, types of connection and other
characteristics - this will have a bearing on the identification and assessment of risks,
and determining what is possible in terms of network technical security
architecture/design. These aspects are described below.
8 Supporting controls
A key requirement for any network is that it is supported by secure management
activities, which will initiate and control the implementation, and operation, of security.
These activities should take place to ensure the security of all of an organization/community’s
information systems. Network security management activities should include.
9 Guidelines for the design and implementation of network security
It is emphasized that the technical security architecture/design for any project should
be fully documented and agreed, before finalizing the list of security controls for
implementation.
...... Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.