EBPW-1 Public WAN Connection
Overview
Connections between DoD enclaves and the Internet or other public or commercial wide area networks require a demilitarized zone (DMZ).
| MAC / CONF | Impact | Subject Area |
|---|---|---|
| SENSITIVE PUBLIC | High | Enclave Boundary Defense |
Details
| Threat |
|---|
| When DoD systems are connected to public networks without the proper DMZ configuration unscrupulous individuals or groups can access sensitive information within an enclave and launch denial of service attacks. Â The use of a DMZ adds a reasonable layer of protection against external untrusted networks and DoD systems. |
| Guidance |
|---|
| 1. Components shall identify the need for utilitzing a DMZ. 2. A Firewall device and routing schema shall be employed , i.e.: use of a dual-honed with screened subnet firewall architecture. 3. Refer to DoD or other applicable guidance for proper connection requirements and procedures. |
References
- CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 10 August 2004
- DISA Network Infrastructure STIG, Version 6 Draft, 29 October 2004
- DISA Enclave Security STIG, Version 2, Release 1, 01 July 2004
- DISA Web Server STIG, Version 5 Draft, 26 July 2004