ISO/IEC 27033-4
ISO/IEC 27033-4:2014 Information technology — Security techniques — Network security — Part 4: Securing communications between networks using security gateways
(first edition)
Abstract
ISO/IEC 27033 part 4 “gives guidance for securing communications between networks using security gateways (firewall, application firewall, Intrusion Protection System, etc.) in accordance with a documented information security policy of the security gateways, including:
identifying and analysing network security threats associated with security gateways;
defining network security requirements for security gateways based on threat analysis;
using techniques for design and implementation to address the threats and control aspects associated with typical network scenarios; and
addressing issues associated with implementing, operating, monitoring and reviewing network security gateway controls.”
[Source: ISO/IEC 27033-4:2014]
Introduction
Part 4 gives an overview of security gateways, describing different architectures.
Scope
Guidance on securing communications between networks through gateways, firewalls, application firewalls, Intrusion Protection System [sic] etc. in accordance with a policy.
Includes identifying and analysing network security threats, defining security control requirements, and designing, implementing, operating, monitoring and reviewing the controls.
Structure
Main sections:
6: Overview
7: Security threats
8: Security requirements
9: Security controls
10: Design techniques
11: Guidelines for product selection
Status
The current first edition of part 4 was published in 2014 and confirmed unchanged in 2019.
Commentary
Outlines how security gateways analyse and control network traffic through:
Packet filtering;
Stateful packet inspection;
Application proxy (application firewalls);
Network Address Translation;
Content analysis and filtering.
Guides the selection and configuration of security gateways, including the choice of gateway architecture that best meets an organisation's security requirements.
Refers to various kinds of firewall as examples of security gateways. [Firewall is a commonplace term of art that is curiously absent from ISO/IEC 27000 and ISO/IEC 27002, and is not defined explicitly in this standard either. Presumably some ancient ISO standard uses the term to describe a physical barrier impeding the spread of fire and smoke, e.g. from the engine into the passenger compartment of a car.]
