Sub-Requirement 1.3.1

1.3.1 Restricting inbound Internet traffic to IP addresses within the DMZ (ingress filters)

Illustrative Controls and the TIBCO LogLogic Solution

A De-Militarized Zone (DMZ) is a network segment where servers are placed if they have to process inbound traffic from the Internet. These servers in the DMZ are responsible for brokering communication between the Internet and other internal servers. This adds an extra layer of protection for the internal network.

No Internet traffic should be able to access internal servers directly. All inbound traffic should be directed to IP addresses within the DMZ. Administrators must configure their firewall policy to specifically deny any Internet traffic to the internal network.

Administrators should review firewall logs to ensure no traffic is initiated from the Internet to the internal network. Administrators should also set up real-time alerts to ensure any such traffic is reviewed. Any firewall policy allowing inbound traffic directly to the internal network should be heavily scrutinized.
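The log review described above, as an added illustration that is not part of this document or of the TIBCO LogLogic product: it scans constructed firewall log lines and separates permitted Internet-to-internal flows (policy violations) from denied ones (the ingress filter working). The DMZ and internal address ranges, and the key=value log format, are assumptions.

```python
import ipaddress

# Assumed network layout (hypothetical addresses, not from the document).
DMZ = ipaddress.ip_network("203.0.113.0/24")
INTERNAL = [ipaddress.ip_network("10.0.0.0/8"),
            ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample firewall log in a simplified key=value format.
SAMPLE_LOG = """\
2024-01-01T10:00:01 action=allow src=198.51.100.7 dst=203.0.113.10 dport=443
2024-01-01T10:00:02 action=allow src=198.51.100.7 dst=10.1.2.3 dport=22
2024-01-01T10:00:03 action=deny src=198.51.100.9 dst=10.1.2.4 dport=3389
2024-01-01T10:00:04 action=allow src=10.1.2.3 dst=198.51.100.7 dport=443
2024-01-01T10:00:05 action=allow src=203.0.113.10 dst=10.1.5.5 dport=1433
"""

def parse_line(line):
    """Split 'timestamp key=value ...' into a dict; the timestamp is kept under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = ts
    return rec

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def is_internet(ip):
    # Anything that is neither an internal address nor in the DMZ is treated
    # as an Internet source for the purposes of this check.
    return not is_internal(ip) and ip not in DMZ

def review(log_text):
    """Return (violations, blocked): allowed and denied Internet->internal flows."""
    violations, blocked = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        src = ipaddress.ip_address(rec["src"])
        dst = ipaddress.ip_address(rec["dst"])
        if is_internet(src) and is_internal(dst):
            # Internet -> DMZ and DMZ -> internal are expected; Internet -> internal is not.
            (violations if rec["action"] == "allow" else blocked).append(rec)
    return violations, blocked

if __name__ == "__main__":
    v, b = review(SAMPLE_LOG)
    for rec in v:
        print("VIOLATION", rec["ts"], rec["src"], "->", rec["dst"], "port", rec["dport"])
    print(f"{len(b)} blocked attempt(s) also seen")
```

Denied entries are worth keeping in the report as well: a steady stream of them shows the filter is doing its job, while any entry in the violations list points at a rule that needs the scrutiny the text calls for.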

Reports and Alerts

Use the following link/reference to see the 1.3.1 reports and alerts: 1.3.1 on page 92.