Acronyms: BPC, BPS
See:
· Boundary protection device
· Guard
· Air gap
A combination of hardware and/or software, called a Boundary Protection Device, whose purpose is to mediate inbound and outbound traffic at the interconnection points of systems. [CCN-STIC-301:2006] [CCN-STIC-302:2012]
Physical or logical perimeter of a system.
A conceptual perimeter that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system without a reliable human review by an appropriate authority. The location of such a review is commonly referred to as an air gap. [CNSSI_4009:2010]
Monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communications, through the use of boundary protection devices (e.g., proxies, gateways, routers, firewalls, guards, encrypted tunnels).
A device with appropriate mechanisms that facilitates the adjudication of different security policies for interconnected systems.
NIST SP 800-53: A device with appropriate mechanisms that: (i) facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system); and/or (ii) provides information system boundary protection.
[CNSSI_4009:2010]
Monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communications, through the use of boundary protection devices (e.g., proxies, gateways, routers, firewalls, guards, encrypted tunnels). [NIST-SP800-53:2013]
A component of a system that provides a Boundary Protection Service.
Note: a combination of multiple BPC may be required to implement a particular BPS; a single BPC may contribute to implement more than one BPS (e.g., the Unified Threat Management concept). Traditionally BPC were found at the security boundary providing network level BPS, but BPC may be distributed throughout the CIS, to include BPC at the desktop. Examples: content checking software (e.g., anti-virus, antispam), firewall, data diode, backup components, guard, filtering router, access router, proxy servers, network and host level intrusion prevention/detection, encryptor.
A service that mediates information flows and/or mitigates security risk introduced by an interconnection. Examples: entity authentication, access control, data integrity, system integrity.