Eicon Networks S92 Uživatelský manuál stáhnout pdf (Strana 32)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 32

n PolicyObjective7: Allinternalusers,aswellasallserversfrom the

Internal_Serverssegment, areallowedtosafelyaccesstheinternetviaproxying.

Intrusionviathisinternetlinkmustbeblocked.Therelevantpoliciesare

enforcedatISA_Cache,withadditionalprotectionsuchasJava/ActiveX

blockingprovidedbyNorton1_IDS,Norton2_IDSandNorton3_IDS.

WhydoweblockJavaandActiveXfortheusers?

JavaandActiveXmainlyrunontheusers’computers. Theyareclientside

Whydoweallowtheinternal serverstoaccesstheinternetviaproxying?

InGIAC,thereisnorealneedforserversintheInternal_Serverssegmentto

reachtheinternet.However,manyserversdorelyontheinternetasanupdate

medium(forexample,MicrosoftWindowsUpdate).Givingthemthecapability

toconnectallowscertaindegreeofflexibilityandproductivitygain.

WhydowedisallowtheRASuserstoaccessCritical_Resources?

InGIAC,theCritical_Resourcessegmentcontainsserverwithcriticaldatabase

records.Sincetheserecordscontaincriticalandsensitiveinformation,access

andupdatesmustbehandledseriously,andshouldbeconductedonlyinthe

office.Wedefinitelydonotwanttheserecordsto“leak”totheoutsideworldvia

thischannel.

WhydowedisallowtheRASuserstoaccesstheirowndesktops?

InGIAC,allresourcesaresupposedtobestoredintheservers.Byrestrictingthe

RASuserstoaccessonlytheservers,weareeffectivelyencouragingthemto

savefilesintheserversratherthantokeeplocalcopies.

1 2 ... 27 28 29 30 31 32 33 34 35 36 37 ... 208 209

Žádné komentáře

Eicon Networks S92 Uživatelský manuál Strana 32