Article 5 (Network Segmentation)
- Work areas shall be divided and isolated by network segmentation to ensure network infrastructure security.
- To maintain business operations, the network shall be segmented into zones such as a Demilitarized Zone (DMZ), Production (Prod.), Unit Test (UT) or User Acceptance Test (UAT), and others.
- An organization shall define its extranet and intranet. The extranet is the zone connected to the Internet; the intranet is the internal zone hosting the servers that serve the organization's personnel and internal services. Traffic from the extranet to the intranet is subject to access control so that unsanctioned services are not exposed.
- Segregation by virtual local area network (VLAN) is advised for the intranet segments of an organization. The intranet may be segmented according to the organization's internal units, departments, lines of business, etc., with restrictions imposed on access between different VLANs.
- An organization shall, by appropriate means, isolate access-restricted services and other designated services. Depending on the method of segregation, information personnel shall periodically review the firewall rules or access control lists (ACLs).
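As an added illustration (not part of the article), the following Python check supports the periodic firewall-rule review the last paragraph calls for: each permit rule is mapped to the zones named above (extranet, DMZ, Prod, UAT and an intranet user VLAN) and compared against a zone-to-zone allow matrix, so that rules such as UAT-to-Prod or Internet-to-intranet access are flagged. The subnets, the port matrix and the rule set are constructed assumptions, not values from the article.

```python
from ipaddress import ip_network

# Constructed zone map: one VLAN/subnet per zone named in the article; extranet is the 0.0.0.0/0 catch-all.
ZONES = {
    "extranet": ip_network("0.0.0.0/0"),
    "dmz": ip_network("192.0.2.0/24"),
    "prod": ip_network("10.10.0.0/16"),
    "uat": ip_network("10.20.0.0/16"),
    "users": ip_network("10.30.0.0/16"),   # intranet user VLAN
}

# Segmentation matrix: (source zone, destination zone) -> permitted TCP ports; absent pairs are denied by policy.
ALLOWED = {
    ("extranet", "dmz"): {443},
    ("dmz", "prod"): {5432},
    ("users", "prod"): {443},
    ("users", "uat"): {22, 443},
}

def zone_of(cidr):
    """Return the most specific zone containing the address block (extranet matches last)."""
    net, best = ip_network(cidr), None
    for name, zone_net in ZONES.items():
        if net.subnet_of(zone_net) and (best is None or zone_net.prefixlen > ZONES[best].prefixlen):
            best = name
    return best

def review_rules(rules):
    """Flag every permit rule whose zone pair or port is not covered by the matrix."""
    findings = []
    for r in rules:
        if r["action"] != "permit":
            continue
        src, dst = zone_of(r["src"]), zone_of(r["dst"])
        if src == dst:
            continue  # intra-zone traffic is not governed by the inter-zone matrix
        if r["port"] == "any":
            findings.append(f"{r['id']}: {src}->{dst} permits any port")
        elif int(r["port"]) not in ALLOWED.get((src, dst), set()):
            findings.append(f"{r['id']}: {src}->{dst} port {r['port']} not in matrix")
    return findings

# Constructed sample rule set, in the shape of an exported firewall or router ACL.
SAMPLE_RULES = [
    {"id": "R1", "action": "permit", "src": "0.0.0.0/0", "dst": "192.0.2.10/32", "port": "443"},
    {"id": "R2", "action": "permit", "src": "192.0.2.0/24", "dst": "10.10.5.0/24", "port": "5432"},
    {"id": "R3", "action": "permit", "src": "10.20.0.0/16", "dst": "10.10.0.0/16", "port": "any"},
    {"id": "R4", "action": "permit", "src": "0.0.0.0/0", "dst": "10.30.0.0/16", "port": "3389"},
    {"id": "R5", "action": "deny", "src": "0.0.0.0/0", "dst": "10.0.0.0/8", "port": "any"},
]
```

Running `review_rules(SAMPLE_RULES)` reports R3 (UAT to Prod on any port) and R4 (Internet to the user VLAN on 3389) while accepting the DMZ and database rules that the matrix permits.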