Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
DE.CM-01.1: Firewalls shall be installed and operated at the network boundaries, including end- point firewalls. |
|
DE.CM-01.1 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p97 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_BASIC_E_p41 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p145 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to enhance visibility and detection of threats at the device level, particularly those that may bypass traditional network perimeter defences. This control focuses on the use ofhost-based firewalls to detect threats that maybypass the network perimeter, by monitoring and controlling traffic to and from individual devices (focus: visibility and detection). In contrast, control PR.IR-01.1 addresses network-based firewalls, which are designed to prevent unauthorised access by managing traffic entering or leaving the network (focus: control and prevention). To achieve this goal, the following should be considered: - Define Endpoints Broadly Include desktops, laptops, servers, smartphones, andwhere feasible, OT(OperationalTechnology) components like PLCs and HMIs, as well as IoT devices. - Deploy Host-Based Firewalls Ensure firewalls are installed, active, and properly configured on all endpoint devices. These firewalls help detect and block suspicious activity directly on the device, even when it is connected to secure networks or VPNs. - Segment Network Assets Group systems based on their criticality or function (e.g. put public-facing services like email, web, and VPN servers in a DMZ). - Use Predefined Firewall Rules Establish rules to filter both inbound and outbound traffic, thereby helping to detect anomalies or malicious behaviour. - Limit Internet Gateways Reduce the number of interconnection points to the internet to minimise exposure and simplify monitoring. |
|
A general note, for any purpose. |
The goal of this control is to enhance visibility and detection of threats at the device level, particularly those that may bypass traditional network perimeter defences. This control focuses on the use ofhost-based firewalls to detect threats that maybypass the network perimeter, by monitoring and controlling traffic to and from individual devices (focus: visibility and detection). In contrast, control PR.IR-01.1 addresses network-based firewalls, which are designed to prevent unauthorised access by managing traffic entering or leaving the network (focus: control and prevention). To achieve this goal, the following should be considered: • Define Endpoints Broadly Include desktops, laptops, servers, smartphones, andwhere feasible, OT(OperationalTechnology) components like PLCs and HMIs, as well as IoT devices. • Deploy Host-Based Firewalls Ensure firewalls are installed, active, and properly configured on all endpoint devices. These firewalls help detect and block suspicious activity directly on the device, even when it is connected to secure networks or VPNs. • Segment Network Assets Group systems based on their criticality or function (e.g. put public-facing services like email, web, and VPN servers in a DMZ). • Use Predefined Firewall Rules Establish rules to filter both inbound and outbound traffic, thereby helping to detect anomalies or malicious behaviour. • Limit Internet Gateways Reduce the number of interconnection points to the internet to minimise exposure and simplify monitoring. |
|
A general note, for any purpose. |
<div><p>The goal of this control is to enhance visibility and detection of threats at the device level, particularly those that may bypass traditional network perimeter defences. This control focuses on the use ofhost-based firewalls to detect threats that maybypass the network perimeter, by monitoring and controlling traffic to and from individual devices (focus: visibility and detection). In contrast, control PR.IR-01.1 addresses network-based firewalls, which are designed to prevent unauthorised access by managing traffic entering or leaving the network (focus: control and prevention). To achieve this goal, the following should be considered:</p><ul><li>Define Endpoints Broadly Include desktops, laptops, servers, smartphones, andwhere feasible, OT(OperationalTechnology) components like PLCs and HMIs, as well as IoT devices.</li><li>Deploy Host-Based Firewalls Ensure firewalls are installed, active, and properly configured on all endpoint devices. These firewalls help detect and block suspicious activity directly on the device, even when it is connected to secure networks or VPNs.</li><li>Segment Network Assets Group systems based on their criticality or function (e.g. put public-facing services like email, web, and VPN servers in a DMZ).</li><li>Use Predefined Firewall Rules Establish rules to filter both inbound and outbound traffic, thereby helping to detect anomalies or malicious behaviour.</li><li>Limit Internet Gateways Reduce the number of interconnection points to the internet to minimise exposure and simplify monitoring.</li></ul></div> |
|
A general note, for any purpose. |
The goal of this control is to enhance visibility and detection of threats at the device level, particularly those that may bypass traditional network perimeter defences. This control focuses on the use ofhost-based firewalls to detect threats that maybypass the network perimeter, by monitoring and controlling traffic to and from individual devices (focus: visibility and detection). In contrast, control PR.IR-01.1 addresses network-based firewalls, which are designed to prevent unauthorised access by managing traffic entering or leaving the network (focus: control and prevention). To achieve this goal, the following should be considered: - Define Endpoints Broadly Include desktops, laptops, servers, smartphones, andwhere feasible, OT(OperationalTechnology) components like PLCs and HMIs, as well as IoT devices. - Deploy Host-Based Firewalls Ensure firewalls are installed, active, and properly configured on all endpoint devices. These firewalls help detect and block suspicious activity directly on the device, even when it is connected to secure networks or VPNs. - Segment Network Assets Group systems based on their criticality or function (e.g. put public-facing services like email, web, and VPN servers in a DMZ). - Use Predefined Firewall Rules Establish rules to filter both inbound and outbound traffic, thereby helping to detect anomalies or malicious behaviour. - Limit Internet Gateways Reduce the number of interconnection points to the internet to minimise exposure and simplify monitoring. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
DE.CM-01.1 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Network boundary firewall operation |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
Firewalls shall be installed and operated at the network boundaries, including end- point firewalls. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
21 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 23 of 23
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1