RFC 3871 Operational Security Requirements September 2004
because they provide a stable, routable address. Services bound
to the addresses of physical interfaces might become
unreachable if the associated hardware goes down, is removed, etc.
This requirement makes it possible to restrict access to
management services using routing. Management services may be
bound only to the addresses of loopback interfaces. The loopback
interfaces may be addressed out of net blocks that are only routed
between the managed devices and the authorized management
networks/hosts. This has the effect of making it impossible for
anyone to connect to (or attempt to DoS) management services from
anywhere but the authorized management networks/hosts.
It also greatly reduces the need for complex filters. It reduces
the number of ports listening, and thus the number of potential
avenues of attack. It ensures that only traffic arriving from
legitimate addresses and/or on designated interfaces can access
services on the device.
Examples.
If the device listens for inbound SSH connections, this
requirement means that it should be possible to specify that the
device will only listen to connections destined to specific
addresses (e.g., the address of the loopback interface) or
received on certain interfaces (e.g., an Ethernet interface
designated as the "management" interface). It should be possible
in this example to configure the device such that the SSH is NOT
listening to every address configured on the device. Similar
effects may be achieved with the use of global filters, sometimes
called "receive" or "loopback" ACLs, that filter traffic destined
for the device itself on all interfaces.
Warnings.
None.
2.5.4. Ability to Control Service Source Addresses
Requirement.
The device MUST provide a means that allows the user to specify
the source addresses used for all outbound connections or
transmissions originating from the device. It SHOULD be possible
to specify source addresses independently for each type of
outbound connection or transmission. Source addresses MUST be
limited to addresses that are assigned to interfaces (including
loopbacks) local to the device.
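The following is an added audit example, not part of RFC 3871, that checks a device's configuration against the two requirements above: management services bound only to a loopback address inside the management net block (2.5.3), and outbound source addresses limited to addresses assigned locally (2.5.4). The interface table, listening sockets, source addresses and the 192.0.2.0/24 management block are constructed sample data.

```python
"""Audit a device against RFC 3871 sections 2.5.3 and 2.5.4 (added example)."""
import ipaddress
from typing import List

# Constructed sample device: the loopback is addressed out of the management block.
MGMT_BLOCK = ipaddress.ip_network("192.0.2.0/24")   # hypothetical management net block
INTERFACES = {                                       # name -> (address, is_loopback)
    "lo0":  ("192.0.2.1", True),
    "eth0": ("203.0.113.10", False),
    "eth1": ("198.51.100.7", False),
}
# Constructed listeners: (service, bind address, port).
LISTENERS = [
    ("ssh",  "192.0.2.1",    22),    # bound to the loopback: compliant
    ("snmp", "0.0.0.0",      161),   # listens on every address: violation
    ("http", "203.0.113.10", 80),    # bound to a physical interface: violation
]
# Constructed outbound source addresses per service (2.5.4); 10.0.0.9 is not local.
SOURCES = {"syslog": "192.0.2.1", "ntp": "10.0.0.9"}


def audit_listeners(listeners, interfaces, mgmt_block) -> List[str]:
    """Return one finding per listening socket that violates 2.5.3."""
    loopbacks = {ipaddress.ip_address(a) for a, lo in interfaces.values() if lo}
    findings = []
    for svc, addr, port in listeners:
        ip = ipaddress.ip_address(addr)
        if ip.is_unspecified:
            findings.append(f"{svc}/{port}: listens on all addresses ({addr})")
        elif ip not in loopbacks:
            findings.append(f"{svc}/{port}: bound to non-loopback address {addr}")
        elif ip not in mgmt_block:
            findings.append(f"{svc}/{port}: loopback {addr} is outside {mgmt_block}")
    return findings


def audit_sources(sources, interfaces) -> List[str]:
    """Return one finding per outbound source address not assigned to the device (2.5.4)."""
    local = {ipaddress.ip_address(a) for a, _ in interfaces.values()}
    return [f"{svc}: source {addr} is not a local interface address"
            for svc, addr in sources.items()
            if ipaddress.ip_address(addr) not in local]


if __name__ == "__main__":
    for line in audit_listeners(LISTENERS, INTERFACES, MGMT_BLOCK) + audit_sources(SOURCES, INTERFACES):
        print(line)
```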
Jones Informational [Page 31]