GB/T 31505-2015 English PDF (GBT31505-2015)
Regular price: $510.00 USD
GB/T 31505-2015: [Replaced by GB/T 20281-2020] Information security technology -- Technique requirements and testing and evaluation approaches for host-based firewall and personal firewall
GB/T 31505-2015
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Technique
requirements and testing and evaluation approaches
for host-based firewall and personal firewall
ISSUED ON: MAY 15, 2015
IMPLEMENTED ON: JANUARY 01, 2016
Issued by: General Administration of Quality Supervision, Inspection and
Quarantine;
Standardization Administration of PRC.
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 4
4 Descriptions of host-based firewall and personal firewall ... 5
5 Security technical requirements ... 5
5.1 General description ... 5
5.2 Basic level requirements ... 6
5.3 Enhanced level requirements ... 13
6 Test evaluation method ... 26
6.1 Test environment ... 26
6.2 Basic level test ... 26
6.3 Enhanced level test ... 41
Information security technology - Technique
requirements and testing and evaluation approaches
for host-based firewall and personal firewall
1 Scope
This standard specifies the security technical requirements, evaluation methods
and security classification of host-based firewalls.
This standard applies to the design, development and testing of host-based
firewall and personal firewall.
2 Normative references
The following documents are essential to the application of this document. For
dated references, only the edition with the indicated date applies to this
document; for undated references, the latest edition (including all
amendments) applies to this standard.
GB/T 18336.3-2008 Information technology - Security techniques -
Evaluation criteria for IT security - Part 3: Security assurance requirements
GB/T 25069 Information security technology - Glossary
3 Terms and definitions
The terms and definitions as defined in GB/T 25069 as well as the following
terms and definitions apply to this document.
3.1
Host-based firewall and personal firewall
Also known as a host-based firewall or a personal firewall: software that runs
on a standalone computer. It monitors the inbound and outbound network
connections on the host and performs network address-based and
application-based access control through predefined rules. It usually also
provides other security functions such as anti-malware, intrusion detection,
network alerting, etc.
5.2.1.5.3 Timeout lock or logout
The product shall have a login timeout lock or logout function. If there is no
operation within the set time period, the session is terminated, and identity
authentication is required again before further operation. The maximum
timeout period can only be set by an authorized administrator.
5.2.1.6 Security management
5.2.1.6.1 Identification uniqueness
The product shall provide a unique identifier for the user; at the same time
associate the user's identifier with all auditable events of the user.
5.2.1.6.2 Administrator attribute definition
If the product supports a policy center for distributed deployment and centralized
management, the policy center shall be able to divide the roles of administrators:
a) Administrator roles with at least two different permissions, such as security
officer, auditor, etc.;
b) According to different functional modules, customize various different
authority roles and assign roles to administrators.
5.2.1.6.3 Remote management encryption
If the product supports the policy center and implements remote management
of the temporary policy center, it shall take confidentiality measures to protect
the remote management information exchanged with the policy center.
5.2.1.6.4 Trusted management host
If the product supports the policy center and the console provides remote
management functions, it shall be able to limit the host addresses that can be
remotely managed.
5.2.1.7 Security audit
The product shall have a security audit function; the specific technical
requirements are as follows:
a) Type of recording event:
1) Network communication information matching packet filtering rules;
2) The administrator's login success and failure;
3) The operation of changing the security policy;
When delivering each version of the product to the user, the delivery document
shall describe all procedures necessary to maintain security.
5.2.2.2.2 Installation, generation, startup of program
The developer shall provide documentation explaining the process of product
installation, generation and startup.
5.2.2.3 Development
5.2.2.3.1 Description of informal function specification
The developer shall provide a functional specification, which shall meet the
following requirements:
a) Use informal styles to describe product security functions and external
interfaces;
b) Be internally consistent;
c) Describe the purpose and usage of all external interfaces; provide details
of effects, exceptions and error messages when appropriate;
d) Completely express product security functions.
5.2.2.3.2 Descriptive high-level design
Developers shall provide high-level designs for product security functions; the
high-level designs shall meet the following requirements:
a) Representation shall be informal;
b) Be internally consistent;
c) Describe the structure of the security function based on subsystem;
d) Describe the security functions provided by each security function
subsystem;
e) Identify any basic hardware, firmware or software required by the security
function, as well as a representation of the functions provided by the
supporting protection mechanisms implemented in these hardware,
firmware or software;
f) Identify all interfaces of the security function level;
g) Identify which interfaces of the security function subsystems are externally
visible.
packet. When the same type and code field are matched, it will be
processed according to the packet processing method in the
corresponding rule;
2) According to the local port (including single port and/or port range)
and/or remote port (including single port and/or port range) in the
UDP network data packet, perform rule matching;
3) According to the local port (including single port and/or port range)
and/or remote port (including single port and/or port range) in the
TCP network data packet, as well as the flag bits of the TCP data packet,
perform rule matching and filtering.
d) Filter actions include:
1) Interception;
2) Access;
3) Continue to match the next rule.
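The rule-matching semantics above (ICMP type/code, UDP/TCP local and/or remote single port or port range, TCP flag bits, and the three filter actions, with "continue to match the next rule" falling through to later rules) are shown below as an added, constructed example; it is not code from the standard or any certified product. It also returns the index of the deciding rule, which is the information an audit record of "network communication matching packet filtering rules" (5.2.1.7 a) 1)) would carry. The rule set, field names and action strings are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple
# Port specifier: None matches any port; (lo, hi) is a single port (lo == hi) or a range.
PortSpec = Optional[Tuple[int, int]]

@dataclass(frozen=True)
class Packet:
    proto: str                              # "tcp", "udp" or "icmp"
    local_port: int = 0
    remote_port: int = 0
    tcp_flags: FrozenSet[str] = frozenset()  # e.g. {"SYN"}; only meaningful for TCP
    icmp_type: int = -1
    icmp_code: int = -1

@dataclass(frozen=True)
class Rule:
    proto: str
    action: str                             # "intercept", "access" or "continue"
    local: PortSpec = None
    remote: PortSpec = None
    flags: Optional[FrozenSet[str]] = None  # TCP flag bits that must all be set; None = any
    icmp: Optional[Tuple[int, int]] = None  # ICMP (type, code) that must match; None = any

def port_matches(spec: PortSpec, port: int) -> bool:
    return spec is None or spec[0] <= port <= spec[1]

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != pkt.proto:
        return False
    if pkt.proto == "icmp":                 # same type and code field
        return rule.icmp is None or rule.icmp == (pkt.icmp_type, pkt.icmp_code)
    if not (port_matches(rule.local, pkt.local_port) and port_matches(rule.remote, pkt.remote_port)):
        return False
    if pkt.proto == "tcp" and rule.flags is not None and not rule.flags <= pkt.tcp_flags:
        return False
    return True

def filter_packet(rules: List[Rule], pkt: Packet, default: str = "intercept") -> Tuple[str, Optional[int]]:
    """Walk rules in order; return (action, index of deciding rule) or (default, None)."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            if rule.action == "continue":   # matched, but defer to the next rule
                continue
            return rule.action, i
    return default, None

# Constructed sample rule set (hypothetical): allow inbound SYN to 80-443 and DNS only.
RULES = [
    Rule("tcp", "continue", local=(80, 80)),                          # matches, keeps matching
    Rule("tcp", "access", local=(80, 443), flags=frozenset({"SYN"})),
    Rule("udp", "access", local=(53, 53)),
    Rule("icmp", "intercept", icmp=(8, 0)),                           # echo request
]
```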
5.3.1.2 Revision of security rules
The product shall provide default security rules, which can be revised by users:
a) Users can choose to use or abandon the security rules as provided by the
host-based firewall and personal firewall;
b) Users can add, delete, modify custom security rules according to the
format requirements in 5.3.1.1.
5.3.1.3 Application network access control
The security function of the product shall be able to control the permission of
each application on the host to use the network; the control of application
access to the network shall include the following three methods:
a) Access allowed: Allow the application to use the network;
b) Access prohibited: Prohibit the application from using the network;
c) Inquiry when accessing the network: When the application accesses the
network, it shall be able to provide users with detailed reports and inquiries
about the access operations it wi...