I have the following problem that I am currently dealing with. I have two zones/perimeters that need to be interconnected, and some standard protocols have to be whitelisted, such as HTTP, FTP, SSH and so on. The only issue is that the two zones don't have the same severity in terms of data security and so on. There is already a firewall in place, but I thought that it would be better to have some kind of bastion hosts proxying every request from zone1 to zone2 and vice-versa. My question is: is there a specific reference from the standards / good practices (PCI/DSS, ISO2K, CIS Controls, NIST, G7 ...) that says so, or am I just being paranoid? (I am 100% convinced that there is, but I can't get my hands on it.) I need this reference to convince the IT guys!!!

Ants0

  • Most standards do not work that way. The gist of a lot of standards is: "You have to have security measures in place that adhere to your threat model." Then they will give you pointers in the right direction. (This differs from standard to standard.) – Tom K. May 02 '19 at 12:56
  • @Tom K. NIST SP 800-47 and NIST SP 800-53 both say something about it, but not that specifically (PR.AC-5: network integrity is protected, incorporating network segregation where appropriate). The question still remains: there should be some kind of checklist to assess in order to decide whether segregation is appropriate or not. And this covers only network segregation, not the interconnection ... I'm still lost! – Ants0 May 02 '19 at 13:31

0 Answers