Proceedings of EC2ND'07:
ISi-LANA - A Secure Basic Architecture for Networks Connected to the Internet
Thomas Haeberlen, Federal Office for Information Security (BSI), Germany

Abstract
This P-A-Per gives a brief summary of a study compiled for the German Federal Office for Information Security (BSI). The study will be published as part of a new series of documents on Internet security later this year. A basic architecture to support secure operation of a network connected to the internet is proposed. By implementing this basic architecture, the risks associated with connecting a network to the internet, can be greatly reduced. The basic architecture and recommendations cover the robust design of the network, the selection and configuration of network equipment, as well as aspects of network operations. The view is mostly on security aspects of the lower layers of the TCP/IP reference model; application specific aspects of internet security will be subject of additional studies scheduled to appear later in 2007 and in 2008.

Download this paper: pdf