Perimeter protection

Acronyms: BPC, BPS

See:

· Security gateway

· Perimeter protection device

· Guard

· Firewall

· Air gap

Combination of hardware and/or software, called a Perimeter Protection Device, whose purpose is to mediate inbound and outbound traffic at the interconnection points of systems. [CCN-STIC-301:2006] [CCN-STIC-302:2012]

Physical or logical perimeter of a system.

A conceptual perimeter that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system without a reliable human review by an appropriate authority. The location of such a review is commonly referred to as an “air gap.” [CNSSI_4009:2010]

Monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communications, through the use of boundary protection devices (e.g., proxies, gateways, routers, firewalls, guards, encrypted tunnels).

A device with appropriate mechanisms that facilitates the adjudication of different security policies for interconnected systems.

NIST SP 800-53: A device with appropriate mechanisms that: (i) facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system); and/or (ii) provides information system boundary protection.

[CNSSI_4009:2010]

Monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communications, through the use of boundary protection devices (e.g., proxies, gateways, routers, firewalls, guards, encrypted tunnels). [NIST-SP800-53:2013]

A component of a system that provides a Boundary Protection Service.

Note: a combination of multiple BPC may be required to implement a particular BPS; a single BPC may contribute to implement more than one BPS (e.g., the Unified Threat Management concept). Traditionally BPC were found at the security boundary providing network level BPS, but BPC may be distributed throughout the CIS, to include BPC at the desktop. Examples: content checking software (e.g. anti-virus, antispam), firewall, data diode, backup components, guard, filtering router, access router, proxy servers, network and host level intrusion prevention/detection, encryptor.

A service that mediates information flows and/or mitigates security risk introduced by an interconnection. Examples: Entity authentication, access control, data integrity, system integrity.
