Is a two-tier firewall architecture a requirement for BS7799?
#1
As far as I know, there is no requirement in BS7799 to use multiple firewalls, i.e. one internet-facing and one between the DMZ and the back end.
Can someone please confirm?
Cheers...
#2
I don't think it is, and I'm not looking through the massive document I have... you can get it as a PDF... and then search.
David
#4
Yeah, I had a 'quick' read through Pt 1 and Pt 2, and can't see it *explicitly* saying you should use two firewalls. However, it may be implied somewhere.
A two-tier approach is obviously a better approach for many reasons, but I doubt that quoting BS7799 (as someone did) is a valid reason.
#5
OK, BS7799 does not state that you need dual-level protection; it would be your risk assessment that states whether dual-level protection is required for your system.
#6
Not completely necessary for BS7799 - is this for commercial or gov use?
Good security practice says that you should have different firewalls here: say a Nokia FW-1 box at the front, then something like a PIX or a CyberGuard on a separate LAN for your databases. Good intrusion detection systems are also advisable, providing you have the manpower to resource them; the same goes for all IP-related security.
At the end of the day, the clever hacker will merely phone someone up in your company and ask for their user name and password. It's so easy!
You should also dual everything if you want maximum uptime. Bet you've got more than one disk in your server?
#7
Not a direct requirement for BS7799. More relevant to BS7799 is how staff are trained, as suggested above (and other things). Sometimes they just give out the password to a phone call... oh, and keep an eye on those server boys. A vulnerability is a vulnerability regardless of how many firewalls it traverses.
In a corporate environment it is best practice, perhaps mixing network, application and other technologies (more so than badges of the same thing).
..r
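The layout the two posts above describe (an internet-facing firewall in front of a DMZ, and a second firewall between the DMZ and the database LAN), as an added worked example that is not from the thread: a small zone-based policy model in which a new connection must pass every tier on its path. The addresses (RFC 5737 documentation ranges), zone names, port numbers and rules are constructed for illustration, not taken from any post. It also shows the point made about mixing technologies from a different angle: when the outer tier is misconfigured to permit anything, the inner tier still stops internet hosts reaching the SQL port, while a compromised DMZ web host still cannot reach management ports on the database hosts; and the web port itself stays open, so an application vulnerability behind it is reachable however many firewalls sit in front.

```python
"""Toy model of a two-tier firewall: an outer filter between the internet and a
DMZ, and an inner filter between the DMZ and the back-end database LAN.
A new connection is admitted only if every tier on its path accepts it.

Added example. The addresses, zone names, ports and rules are constructed
for illustration and are not from the thread."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Hypothetical addressing (RFC 5737 documentation ranges).
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),      # web / application hosts
    "db":  ip_network("198.51.100.0/24"),   # database hosts
}
# Zones in path order; TIERS[i] is the firewall between ZONE_ORDER[i] and ZONE_ORDER[i+1].
ZONE_ORDER = ["internet", "dmz", "db"]
TIERS = ["outer", "inner"]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dport: Optional[int]   # None matches any port
    action: str            # "accept" or "drop"


# Outer tier: the internet may only reach the DMZ web ports. No rule mentions
# the db zone, so anything from the internet addressed to a database host
# falls through to the default deny.
OUTER = [
    Rule("internet", "dmz", 443, "accept"),
    Rule("internet", "dmz", 80, "accept"),
]
# Inner tier: only the DMZ, and only the SQL port. A compromised web host
# therefore cannot reach SSH/RDP/management ports on the database hosts.
INNER = [
    Rule("dmz", "db", 1433, "accept"),
]
RULESETS = {"outer": OUTER, "inner": INNER}

# A deliberately broken outer tier (a "permit any" misconfiguration, or a
# compromised front firewall) used to show that the inner tier still holds.
BROKEN_OUTER = {
    "outer": [Rule("internet", "dmz", None, "accept"),
              Rule("internet", "db", None, "accept")],
    "inner": INNER,
}


def zone(ip: str) -> str:
    """Map an address to its zone; anything outside the known LANs is 'internet'."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def evaluate(ruleset: List[Rule], flow: Flow) -> str:
    """First-match semantics with an implicit default deny."""
    src, dst = zone(flow.src), zone(flow.dst)
    for rule in ruleset:
        if (rule.src_zone == src and rule.dst_zone == dst
                and rule.dport in (None, flow.dport)):
            return rule.action
    return "drop"


def tiers_on_path(flow: Flow) -> List[str]:
    """Firewalls a new connection crosses, in the order it meets them."""
    i, j = ZONE_ORDER.index(zone(flow.src)), ZONE_ORDER.index(zone(flow.dst))
    lo, hi = sorted((i, j))
    crossed = TIERS[lo:hi]
    return crossed if j >= i else crossed[::-1]


def check(flow: Flow, rulesets=RULESETS) -> Tuple[str, Optional[str]]:
    """Return ("accept", None) or ("drop", <tier that dropped the flow>)."""
    for tier in tiers_on_path(flow):
        if evaluate(rulesets[tier], flow) != "accept":
            return ("drop", tier)
    return ("accept", None)


if __name__ == "__main__":
    for f in [Flow("203.0.113.5", "192.0.2.10", 443),      # public web, outer accepts
              Flow("203.0.113.5", "198.51.100.20", 1433),  # internet -> SQL, outer drops
              Flow("192.0.2.10", "198.51.100.20", 1433),   # web host -> SQL, inner accepts
              Flow("192.0.2.10", "198.51.100.20", 22)]:    # web host -> SSH on db, inner drops
        print(f, "normal:", check(f), "broken outer:", check(f, BROKEN_OUTER))
```

Run it as a script to print the four verdicts with both the normal and the broken outer tier. The point to take from the model is that the inner tier's value depends on its rules being written independently of the outer tier's (here, by source zone and a single port), which is also why the earlier posts prefer two different products rather than two copies of the same one.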
#8
Might be worth your company considering joining the Information Security Forum.
Have a look at their site and the guidelines they set out. It is based around BS7799 certification. It is also good to pick other members' brains, as you can bet that someone has already come across a problem you are having.
Chris
#9
Sorry, this isn't what you asked for, but surely whether this is a requirement of BSxxxxx or not, it is highly advisable, as the environment will be more flexible, secure, etc. Tried and tested and all that.
Plus.. BTTT for you...
[Edited by DrEvil - 1/7/2003 4:23:26 PM]
#10
I'm 99% certain it's not a requirement for this. I can check tomorrow though; I'm on an ISMS BS7799 Pt 2 auditors' course this week.
[Edited by mega_stream - 1/7/2003 7:30:36 PM]