Shulou(Shulou.com)06/02 Report--

This article mainly introduces the iatf framework how to divide the information system, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to understand it.

It is divided into four parts: 1, to protect the local computing environment; 2, to protect regional boundaries, in order to obtain information and services from professional or public networks, many organizations connect to these networks through their information infrastructure; 3, protect networks and infrastructure; 4, protect supportive infrastructure.

The operating environment of this tutorial: windows10 system, Dell G3 computer.

The IATF Information Assurance Technology Framework is a guidance document that describes information security designated by the National Security Agency of the United States. After China introduced IATF3.0 into China in 2002, IATF began to play an important reference and guidance role in the development of information security work and the construction of information security guarantee system in our country.

The core idea of information guarantee put forward by IATF is defense in depth strategy. The so-called defense in depth strategy is the use of multi-level, in-depth security measures to ensure the security of user information and information systems. Personnel, technology and operations are the core factors in the defense-in-depth strategy. To ensure the security of information and information systems, none of the three is indispensable.

IATF proposes three core elements: people, technology, and operations. Although IATF focuses on technical factors, it also points out the importance of the element of "people". People are management, and management also plays a key role in the construction of information security system. It can be said that technology is the foundation of security and management is the soul of security. Therefore, safety management should be strengthened while paying attention to the application of safety technology.

In the three main dimensions of this strategy, IATF emphasizes technology and provides a framework for multi-tier protection against threats to information systems. This method makes it impossible for an attack that can break through one layer or a class of protection to destroy the entire information infrastructure.

IATF divides the information guarantee technical level of the information system into four technical framework focus areas: local computing environment, regional boundaries, network and infrastructure, and supporting infrastructure. Within each focus area, IATF describes its unique security requirements and corresponding technical measures to choose from.

1) protect the local computing environment

Users need to protect internal system applications and servers, including a variety of existing and emerging applications in the high-end environment of the system, including security services such as reuse, identification and authentication access control, confidentiality, data integrity and non-repudiation. In order to meet the above requirements, the following security objectives should be achieved: to ensure that clients, servers, and applications are protected from denial of service, unauthorized disclosure of data, and data changes; to ensure the confidentiality and integrity of the data processed by the client, server, or application, whether it is within or outside an area; and to prevent unauthorized use of clients, servers, or applications Ensure that the client and server follow the security configuration guidelines and install all patches correctly; maintain all client and server configuration management and track patches and system configuration changes; and have sufficient protection against violations and attacks on the system by internal and external trusted personnel.

2) protect the boundary of the area

In order to obtain information and services from professional or public networks, many organizations connect to these networks through their information infrastructure. Once, these organizations must protect their information infrastructure, such as protecting their local computer environment from intrusion. A successful intrusion can lead to damage to availability, integrity, or confidentiality. Objectives that meet this requirement include: ensuring adequate protection of physical and logical areas; adopting dynamic suppression services against volatile threats; ensuring that systems and networks in the protected area maintain their acceptable availability, and will not be unduly disclosed; provide boundary protection for systems in the area that cannot protect themselves due to technical or configuration problems Provide risk management approaches that selectively allow important information to flow across regional boundaries; protect systems and data within protected areas from external systems or attacks; and provide strong authentication and authenticated access controls for information sent or received by users outside the region.

3) protect the network and infrastructure

In order to maintain information services and protect public, private or confidential information from inadvertently disclosing or altering such information, institutions must protect their networks and infrastructure. Objective protection that meets this requirement: ensuring that the data exchanged throughout the WAN will not be disclosed to any unauthorized network visitors; ensuring that the WAN supports critical tasks and supporting data tasks to prevent denial of service attacks; prevent delay, mistransmission and non-transmission of protected information during transmission; protect network infrastructure control information Make sure that the protection mechanism is not disturbed by various seamless operations that exist between other authorized hubs or regional networks.

4) Protection of supportive infrastructure

Supportive infrastructure is another technical aspect of defense in depth. It provides key management, detection, and response capabilities for defense-in-depth strategies. The required supporting infrastructure components capable of detection and response include intrusion detection system and audit configuration system. The objectives that meet this requirement are as follows: to provide a cryptographic infrastructure that supports key, priority and certificate management, and to be able to identify individuals using network services; to be able to quickly detect and respond to intrusions and other violations; implement the plan and report on continuity and reconstruction requirements.

Thank you for reading this article carefully. I hope the article "how to divide the Information system in iatf Framework" shared by the editor will be helpful to everyone. At the same time, I also hope that you will support and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.