Security-relevant events for gateways are centrally logged, including:
• data packets and data flows permitted through gateways
• data packets and data flows attempting to leave gateways
• real-time alerts for attempted intrusions.
Topic: Gateway event logging
Applicable to: all
Priority: must
History
Sep 2024
Security-relevant events for gateways are centrally logged, including:
• data packets and data flows permitted through gateways
• data packets and data flows attempting to leave gateways
• real-time alerts for attempted intrusions.
The existing control recommending specific events for gateways be centrally logged was slightly reworded for consistency with similar controls.
Dec 2023
The following events are centrally logged for gateways:
• data packets and data flows permitted through gateways
• data packets and data flows attempting to leave gateways
• real-time alerts for attempted intrusions.
The existing control relating to the centralised storage of gateway event logs was merged into the existing control relating to collecting gateway event logs. [ISM-0634, ISM-1775]
Jun 2022
The following events are logged for gateways:
• data packets and data flows permitted through gateways
• data packets and data flows attempting to leave gateways
• real-time alerts for attempted intrusions.
Previously the ISM recommended logging network traffic permitted through gateways or attempting to leave gateways. This recommendation has been changed to logging data packets and data flows in order to more explicitly define the types of events that should be logged. Logging these events will facilitate data analysis and flow analysis activities for gateways.
Mar 2022
Gateways are configured to:
• log network traffic permitted through gateways
• log network traffic attempting to leave gateways
• provide real-time alerts for attempted intrusions and unusual usage patterns.
Existing recommendations for gateway architectures and their configuration (ISM-0631) were split into discrete recommendations with duplicate content being removed.
Jun 2019
All gateways connecting networks in different security domains are operated such that they:
• log network traffic permitted through the gateway
• log network traffic attempting to leave the gateway
• are configured to save event logs to a secure logging facility
• provide real-time alerts for any cyber security incidents, attempted intrusions and unusual usage patterns.
Security control 0634 was modified. The focus was changed to logging and alerting capabilities of gateways.
May 2019
All gateways connecting networks in different security domains are operated and maintained such that they:
• filter all network traffic attempting to enter the gateway and log subsequently permitted traffic
• log network traffic attempting to leave the gateway
• are configured to save event logs to a separate secure log server
• are protected by authentication, logging and auditing of all physical and logical access to gateway components
• have all security controls tested to verify their effectiveness after any changes to their configuration.
2017
Agencies must ensure that all gateways connecting networks in different security domains are operated and maintained such that they:
• apply controls as specified in the Data Transfers and Content Filtering chapter of this manual
• filter and log network traffic attempting to enter the gateway, agencies may choose not to log untrusted internet traffic, providing there is application level logging related to the permitted network communications (e.g. the web server logs successful connections)
• log network traffic attempting to leave the gateway
• are configured to save event logs to a separate secure log server
• are protected by authentication, logging and auditing of all physical access to gateway components
• have all controls tested to verify their effectiveness after any changes to their configuration.
Control text changed. No public explanation.
2015
Agencies must ensure that all gateways connecting networks in different security domains are operated and maintained such that they:
• apply controls as specified in the Data Transfers and Content Filtering chapter of this manual
• filter and log network traffic attempting to enter the gateway, agencies may choose not to log untrusted Internet traffic providing there is application level logging related to the permitted network communications (eg. the web server logs successful connections).
2010
Agencies must ensure that all gateways connecting networks in different security domains:
• include a firewall on all gateways to filter and log network traffic attempting to enter the gateway
• are configured to save event logs to a separate secure log server
• are protected by authentication, logging and audit of all physical access to gateway components
• have all controls tested to verify their effectiveness after any changes to their configuration.