Information Exchange Gateway

NATO has defined the concept of an Information Exchange Gateway (IEG) to facilitate secure communication between different security and management domains. [1] The IEG is designed to provide a standard and secure method of communication between NATO, NATO nations, non-NATO nations, coalition forces, Non Government Organisations (NGOs), and other International Organisations (IOs). [2]

An Information Exchange Gateway provides Information Exchange Services (IES) to facilitate the exchange of information between networks, including data and protocol translation where necessary, and Information Protection Services (IPS) that ensure only intended information is exchanged. In addition, Node Protection Services (NPS) ensure information is exchanged in a safe and secure way and that only intended information which has been validated by the IPS can be exchanged. [3]

NATO has defined five main IEG scenarios, [4] each with scenario variants for transferring classified information. The scenarios take account of the security classifications of the domains that they connect, as well as the security policy, the owners and the administrators of those domains.

In some scenarios, an IEG must include a guard to provide the IPS and NPS functions. [5] When used with a guard, the IEG's DMZ is split into two.

Implementation

Related Research Articles

The Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications. SIP is used in Internet telephony, in private IP telephone systems, as well as mobile phone calling over LTE (VoLTE).

Interoperability is a characteristic of a product or system to work with other products or systems. While the term was initially defined for information technology or systems engineering services to allow for information exchange, a broader definition takes into account social, political, and organizational factors that impact system-to-system performance.

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behaviour. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more.

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

Defense Information Systems Agency: United States Department of Defense combat support agency

The Defense Information Systems Agency (DISA), known as the Defense Communications Agency (DCA) until 1991, is a United States Department of Defense (DoD) combat support agency composed of military, federal civilians, and contractors. DISA provides information technology (IT) and communications support to the President, Vice President, Secretary of Defense, the military services, the combatant commands, and any individual or system contributing to the defense of the United States.

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service. RADIUS was developed by Livingston Enterprises in 1991 as an access server authentication and accounting protocol. It was later brought into IEEE 802 and IETF standards.

Internet security: Branch of computer security

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

European Union Military Staff: Military unit

The Military Staff of the European Union (EUMS) is the directorate-general of the European Union's (EU) External Action Service (EEAS) that contributes to the EU's Common Security and Defence Policy (CSDP) by providing strategic advice to the High Representative (HR/VP) and commanding operations through its Military Planning and Conduct Capability (MPCC) operational headquarters. From the end of 2020 the MPCC will also be capable of running executive operations of up to 2500 troops, i.e. the size of one battle group, as well as 3 non-executive missions.

NATO Communications and Information Systems Services Agency

The NATO Communication and Information Systems Services Agency (NCSA) was a service provider to its NATO and national customers. Wherever NATO deployed on operations or exercises, NCSA was there, providing communication and information systems (CIS) services in support of the mission. Equally important, NCSA supported NATO’s ten major headquarters in Europe, North America, and Asia.

The Open Settlement Protocol (OSP) is a client/server protocol used by Internet service providers to exchange authorization, accounting, and usage information to support IP telephony. Open Settlement Protocol is implemented in voice telephony gateways such as softswitches, H.323 multimedia conferencing gateways, and Session Initiation Protocol (SIP) proxies.

H.323: Audio-visual communication signaling protocol

H.323 is a recommendation from the ITU Telecommunication Standardization Sector (ITU-T) that defines the protocols to provide audio-visual communication sessions on any packet network. The H.323 standard addresses call signaling and control, multimedia transport and control, and bandwidth control for point-to-point and multi-point conferences.

Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.

Security patterns can be applied to achieve goals in the area of security. All of the classical design patterns have different instantiations to fulfill some information security goal: such as confidentiality, integrity, and availability. Additionally, one can create a new design pattern to specifically achieve some security goal.

The Chernobyl Recovery and Development Programme (CRDP) is developed by the United Nations Development Programme and aims at ensuring that a return to normal life is a realistic prospect for people living in regions affected by the Chernobyl disaster. The Programme provides continuing support to the Government of Ukraine for the elaboration and implementation of development-oriented solutions for the regions. The CRDP, part of the United Nations Development Programme's activities in Ukraine, was launched based on the recommendations of “The Human Consequences of the Chernobyl Nuclear Accident. A strategy for Recovery”, the joint report by UN agencies initiated in February 2002. Since 2003 the CRDP has been working to mitigate the long-term social, economic and environmental consequences of the Chernobyl catastrophe, to create more favorable living conditions and to promote sustainable human development in the Chernobyl-affected regions. In partnership with international organizations, oblast, rayon and state administrations, village councils, scientific institutions, non-governmental organizations and private business, the CRDP supports community organizations and helps them to implement their initiatives on economic and social development and environmental recovery. In addition, the CRDP distributes information about the Chernobyl catastrophe internationally and within Ukraine.

Security service is a service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers as defined by ITU-T X.800 Recommendation. X.800 and ISO 7498-2 are technically aligned. This model is widely recognized.

The NATO Communications and Information Systems School (NCISS) is a school run by NATO that provides formal technical training on certain Communication and Information Systems (CIS) deployed on operations or exercises by the Alliance.

In information security, a guard is a device or system for allowing computers on otherwise separate networks to communicate, subject to configured constraints. In many respects a guard is like a firewall and guards may have similar functionality to a gateway.

Nexor

Nexor Limited is a privately held company based in Nottingham, providing products and services to safeguard government, defence and critical national infrastructure computer systems. It was originally known as X-Tel Services Limited.

The cyber security community in the United Kingdom is diverse, with many stakeholder groups contributing to support the UK Cyber Security Strategy. The following is a list of some of these stakeholders.

The Center for Internet Security (CIS) is a 501(c)(3) nonprofit organization, formed in October, 2000. Its mission is to make the connected world a safer place by developing, validating, and promoting timely best practice solutions that help people, businesses, and governments protect themselves against pervasive cyber threats. The organization is headquartered in East Greenbush, New York, with members including large corporations, government agencies, and academic institutions.

References

  1. "NATO IEG" (PDF). AFCEA.
  2. "Collaboration Support Office (CSO)".
  3. Guidance Document on the Implementation of Gateways for Information Exchange between NATO CIS and External CIS, AC/322-D(2005)0054-REV2, NATO, March 2008
  4. "Information Exchange Gateways". Nexor.
  5. "Information Exchange Gateways". Deep-Secure.
  6. "EDA". Retrieved 22 December 2014.