A combination of hardware and/or software, called a Perimeter Protection Device, whose purpose is to mediate inbound and outbound traffic at the interconnection points of systems. [CCN-STIC-301:2006] [CCN-STIC-302:2012]
Physical or logical perimeter of a system.
A conceptual perimeter that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system without a reliable human review by an appropriate authority. The location of such a review is commonly referred to as an "air gap." [CNSSI_4009:2010]
A device with appropriate mechanisms that facilitates the adjudication of different security policies for interconnected systems.
NIST SP 800-53: A device with appropriate mechanisms that: (i) facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system); and/or (ii) provides information system boundary protection. [CNSSI_4009:2010]
Monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communications, through the use of boundary protection devices (e.g., proxies, gateways, routers, firewalls, guards, encrypted tunnels). [NIST-SP800-53:2013]
A component of a system that provides a Boundary Protection Service (BPS).
Note: a combination of multiple BPCs may be required to implement a particular BPS; a single BPC may contribute to implementing more than one BPS (e.g., the Unified Threat Management concept). Traditionally BPCs were found at the security boundary providing network-level BPS, but BPCs may be distributed throughout the CIS, including BPCs at the desktop. Examples: content-checking software (e.g., anti-virus, anti-spam), firewall, data diode, backup components, guard, filtering router, access router, proxy servers, network- and host-level intrusion prevention/detection, encryptor.
A service that mediates information flows and/or mitigates security risk introduced by an interconnection. Examples: entity authentication, access control, data integrity, system integrity.