Segregate servers that contain restricted data or information from direct public access.

UCF ID: 00533
Control Type: Process or Activity
Status: Live

Supporting and supported controls

This control directly supports:

    Establish and maintain documentation for controlling the network configuration. [UCF Control ID 00530]

This control has the following supporting controls:

    Design DMZ areas with proper isolation rules. [UCF Control ID 00532]
    Restrict inbound Internet traffic within the DMZ. [UCF Control ID 01285]
    Segregate applications and databases that contain restricted data or information from the DMZ by placing them in an internal network zone. [UCF Control ID 01289]
    Restrict outbound traffic from systems that contain restricted data or information. [UCF Control ID 01295]

Authority documents complied with:

FFIEC IT Examination Handbook – Information Security, Pg 18, Pg 20, Pg 38, Exam Tier I Obj 2.3; Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 1.2.1, § 1.3.1; ISF Security Audit of Networks, § 1.3.4; The Standard of Good Practice for Information Security, SM4.1.7(f), CB6.4.2(b), NW1.2.2(c), SD4.6.3(b); The Center for Internet Security Wireless Networking Benchmark, Version 1.0 April 2005, § 2.2 (2.2.160); DISA Secure Remote Computing Security Technical Implementation Guide, Version 1, Release 2, § 2.1, § 4.2.3; ISO/IEC 15408-2 Common Criteria for Information Technology Security Evaluation Part 2, 2008, § 15.11, § J.11; ISO/IEC 17799 Code of Practice for Information Security Management, 2005, § 11.4.5; ISO/IEC 27002 Code of practice for information security management, 2005, § 11.4.5; Australian Government ICT Security Manual (ACSI 33), § 3.5.16; Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 1.2, § 1.3.1; ISO/IEC 13335-4 Information technology — Guidelines for the management of IT Security — Part 4: Selection of safeguards, 2000, ¶ 8.2.4(3)(4), ¶ 9.2 Table Row “Network Configuration”, ¶ 9.2 Table Row “Network Segregation”; ISO/IEC 13335-5 Information technology — Guidelines for the management of IT Security — Part 5: Management guidance on network security, 2001, ¶ 13.3.2; Recommended Security Controls for Federal Information Systems, NIST SP 800-53, Revision 3, App F § SC-14

Banking and Finance Guidance

The organization should create security domains to mitigate the risks to each individual domain. [Pg 18, Pg 20, Pg 38, Exam Tier I Obj 2.3, FFIEC IT Examination Handbook – Information Security]

Payment Card Guidance

The organization must install a demilitarized zone (DMZ) in order to prohibit inbound and outbound traffic from direct public access except for necessary protocols. [§ 1.3.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 1.2.1]

The organization must install a demilitarized zone (DMZ) in order to prohibit inbound and outbound traffic from direct public access except for necessary protocols. [§ 1.3.1, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 1.2]

NIST Guidance

The organization should implement controls to protect the integrity and availability of public information and applications. [App F § SC-14, Recommended Security Controls for Federal Information Systems, NIST SP 800-53, Revision 3]

Other Configuration Guidance

A DMZ or VLAN should be used to separate the wireless network from the wired network. [§ 2.2 (2.2.160), The Center for Internet Security Wireless Networking Benchmark, Version 1.0 April 2005]

Webmail application servers must be located in a DMZ. Remote access servers and network access servers must be located in dual-homed screened subnets. [§ 2.1, § 4.2.3, DISA Secure Remote Computing Security Technical Implementation Guide, Version 1, Release 2]

ISO Guidance

The system should maintain a security domain to protect it from interference and tampering by untrusted objects. [§ 15.11, § J.11, ISO/IEC 15408-2 Common Criteria for Information Technology Security Evaluation Part 2, 2008]

Networks should be segregated by using a firewall, IP switching, virtual private networks, or another method. The criteria for segregation into domains should be based on the access control policy, the value and classification of the information, and the levels of trust. [§ 11.4.5, ISO/IEC 17799 Code of Practice for Information Security Management, 2005]

Networks should be segregated by using a firewall, IP switching, virtual private networks, or another method. The criteria for segregation into domains should be based on the access control policy, the value and classification of the information, and the levels of trust. [§ 11.4.5, ISO/IEC 27002 Code of practice for information security management, 2005]

¶ 8.2.4(3)(4) Network Management. An organization should implement safeguards to achieve network management, which includes planning, operation and administration of networks. The proper configuration and administration of networks is an effective means to reduce risks. Safeguards in the area of network management are listed below.
3. Network Configuration
An appropriate network configuration should be implemented for reliable functioning. This includes a standardized approach for the configuration of servers throughout the organization, and good documentation. Servers used for special purposes should only be used for these purposes (e.g. no other tasks should run on a firewall), and sufficient protection from failure should be in place.
4. Network Segregation
In order to minimize the risks and the possibilities of misuse in a network in operation, business areas dealing with critical business issues and information should be kept separate, logically or physically. As well, development facilities should be separated from operational facilities.
¶ 9.2 Table Row “Network Configuration” in safeguard Network Management should be implemented under normal circumstances for Servers or Workstations with Shared Resources Connected to a Network.
¶ 9.2 Table Row “Network Segregation” in safeguard Network Management should be implemented under normal circumstances for Servers or Workstations with Shared Resources Connected to a Network.
[¶ 8.2.4(3)(4), ¶ 9.2 Table Row “Network Configuration”, ¶ 9.2 Table Row “Network Segregation”, ISO/IEC 13335-4 Information technology — Guidelines for the management of IT Security — Part 4: Selection of safeguards, 2000]

Remote Log-in. Remote log-ins, whether from authorized personnel working away from the organization, from remote maintenance engineers, or personnel from other organizations, are accomplished either via dial-ups to the organization, Internet connections, dedicated trunks from other organizations, or shared access through the Internet. They are connections established at need by either internal systems or contractual partners using public networks. Each type of remote log-in requires additional safeguards appropriate to the nature of the connection type. Safeguard examples are:
• not allowing direct access to system and network software from accounts used for remote access, except where additional authentication has been provided (see clause 13.3.3 below), and perhaps end-to-end encryption,
• protecting information associated with e-mail software and directory data stored on PCs and laptops used outside of an organization's offices by its personnel, from unauthorized access.
[¶ 13.3.2, ISO/IEC 13335-5 Information technology — Guidelines for the management of IT Security — Part 5: Management guidance on network security, 2001]

General Guidance

[§ 1.3.4, ISF Security Audit of Networks]

Systems should be segregated based on the security requirements, such as trusted and untrusted domains. Dedicated computers should be used as web servers when they support applications. [SM4.1.7(f), CB6.4.2(b), NW1.2.2(c), SD4.6.3(b), The Standard of Good Practice for Information Security]

Asia and Pacific Rim Guidance

When high-risk servers connect to public domain networks, the organization should minimize the communications between the servers at the network and file levels, maintain separation between the servers, and limit access from users and programs to the minimum amount required to perform their duties/operations. [§ 3.5.16, Australian Government ICT Security Manual (ACSI 33)]
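The PCI DSS § 1.3.1, ISO/IEC 27002 § 11.4.5 and ACSI 33 § 3.5.16 guidance above all reduce to the same testable property: hosts holding restricted data sit in an internal zone that public sources cannot reach directly, the DMZ accepts only the protocols it needs, and traffic leaving the restricted zone is limited to what its duties require. The following Python is an added example, not code from the Unified Compliance Framework or from any of the cited standards. It models a first-match firewall ruleset, derives what the segregation policy expects for a set of probe flows, and reports every flow the ruleset gets wrong. The zone addresses (RFC 5737 and RFC 1918 ranges), the "necessary protocol" sets and the sample ruleset are all constructed for the example; the ruleset contains one deliberate mistake so the audit has something to find.

```python
"""Added example (not part of the UCF page or any cited standard): simulate a
first-match firewall policy against probe flows and report where it violates
the segregation guidance: no direct public access to the restricted zone, only
necessary protocols into the DMZ, only necessary protocols out of the
restricted zone."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed zone layout (RFC 5737 TEST-NET-1 for the DMZ, RFC 1918 internally).
DMZ = ip_network("192.0.2.0/24")          # public-facing web tier
RESTRICTED = ip_network("10.10.0.0/16")   # internal zone holding restricted data
# Assumptions for this example: HTTPS is the only necessary inbound protocol,
# and the restricted zone needs nothing but DNS and NTP outbound.
NECESSARY_INBOUND = {("tcp", 443)}
NECESSARY_OUTBOUND = {("udp", 53), ("tcp", 53), ("udp", 123)}


@dataclass(frozen=True)
class Rule:
    src: str             # CIDR
    dst: str             # CIDR
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # None = any port
    action: str          # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    src: str             # single IP address
    dst: str
    proto: str
    port: int


def zone(ip: str) -> str:
    """Classify an address as dmz, restricted, or public (anything else)."""
    addr = ip_address(ip)
    if addr in DMZ:
        return "dmz"
    if addr in RESTRICTED:
        return "restricted"
    return "public"


def evaluate(rules: list[Rule], flow: Flow) -> str:
    """First matching rule wins; implicit deny when nothing matches."""
    s, d = ip_address(flow.src), ip_address(flow.dst)
    for r in rules:
        if (s in ip_network(r.src) and d in ip_network(r.dst)
                and r.proto in ("any", flow.proto)
                and r.port in (None, flow.port)):
            return r.action
    return "deny"


def expected(flow: Flow) -> Optional[str]:
    """What the segregation policy requires for this flow; None if it is silent."""
    sz, dz = zone(flow.src), zone(flow.dst)
    key = (flow.proto, flow.port)
    if sz == "public" and dz == "restricted":
        return "deny"                           # no direct public access at all
    if sz == "public" and dz == "dmz":
        return "allow" if key in NECESSARY_INBOUND else "deny"
    if sz == "restricted" and dz == "public":
        return "allow" if key in NECESSARY_OUTBOUND else "deny"
    return None                                 # e.g. DMZ -> restricted is a local decision


def audit(rules: list[Rule], probes: list[Flow]) -> list[tuple[Flow, str, str]]:
    """Return (flow, expected, actual) for every probe the ruleset gets wrong."""
    findings = []
    for f in probes:
        want, got = expected(f), evaluate(rules, f)
        if want is not None and want != got:
            findings.append((f, want, got))
    return findings


# Constructed ruleset with one deliberate mistake: the last rule opens the
# database port in the restricted zone to any source instead of only to the DMZ.
RULES = [
    Rule("0.0.0.0/0", "192.0.2.0/24", "tcp", 443, "allow"),
    Rule("192.0.2.0/24", "10.10.0.0/16", "tcp", 5432, "allow"),
    Rule("10.10.0.0/16", "0.0.0.0/0", "udp", 53, "allow"),
    Rule("0.0.0.0/0", "10.10.0.0/16", "tcp", 5432, "allow"),
]

# Constructed probe flows; 203.0.113.5 stands in for an arbitrary Internet host.
PROBES = [
    Flow("203.0.113.5", "192.0.2.10", "tcp", 443),   # Internet -> DMZ web: allowed
    Flow("203.0.113.5", "192.0.2.10", "tcp", 22),    # Internet -> DMZ ssh: must be denied
    Flow("203.0.113.5", "10.10.1.20", "tcp", 5432),  # Internet -> restricted db: must be denied
    Flow("192.0.2.10", "10.10.1.20", "tcp", 5432),   # DMZ -> restricted db: policy is silent
    Flow("10.10.1.20", "203.0.113.5", "tcp", 443),   # restricted -> Internet https: must be denied
]

if __name__ == "__main__":
    for flow, want, got in audit(RULES, PROBES):
        print(f"{flow.src} -> {flow.dst} {flow.proto}/{flow.port}: expected {want}, got {got}")
```

Running the block reports a single finding, the Internet-to-database probe that the over-broad last rule lets through; dropping that rule (or narrowing its source to the DMZ network) makes the audit come back empty. The design point is that expectations are derived from zone membership rather than from the rules themselves, so the same probe set can be re-run after every ruleset change, and order-dependent mistakes (a broad allow placed after a narrow one) are caught because `evaluate` honours first-match semantics exactly as a real firewall would.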


Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.