|
|
|
|
|
|
||
|
|
||||||
|
|
||||||
|
CLydeNET Site Security Considerations |
|
|
|||
Introduction
One of the most important aspects of
network security is to establish who is responsible for what. It is a matter
of fact that the Internet is an increasingly hostile place and that Sites
connected to the Internet must address the many potential threats to the
integrity of their networks, systems, data and applications. ClydeNET is
basically a transit network designed to operate as fast as possible without
placing any unnecessary obstacles in the data communications paths. It is
therefore essential that sites recognise that the security of their networks,
systems, data and applications are their own responsibility. However since
all the ClydeNET core and site routers fall under the same centralised
management domain there is scope for a consistent set of basic security
policies applied as security access control lists (ACLs) to all ClydeNET
routers. These ACLs implement a good balance between accepted best practices
and the experience of the ClydeNET operations team; the current version of
the default router ACLs are presented below for inspection. Of course
ClydeNET sites may request changes to their default router ACLs or indeed
that the ACLs be removed entirely because of local security policies and
measures. ClydeNET sites are strongly encouraged to establish a Computer
Emergency Response Team (CERT) contact and subscribe to the UKERNA security
e-mail list. ClydeNET sites may obtain additional security advice from the
following sources:
Router
Access Control Lists (ACLs)
Each ClydeNET site router has been configured
with two security ACLs. The first acl applies to traffic coming from ClydeNET
to the site and the second acl applies to traffic coming from the site to
ClydeNET. Full details of these ACLs can be found in each sites ClydeNET Information Pack |
||||||
|
|
||||||
|
|
||||||
|
|
|
|
||||
