19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation

required to check recipients' call numbers in the case of important fax transmissions (e.g. individual quotations).

9. Use of the fax server

Procedures covering use of the fax server by staff must also be drawn up (see S 3.15 Information on the use of faxes for all employees). Finally, which rights employees may exercise on the fax server must also be specified.

10. Protection of the fax client

Appropriate organisational and technical measures must be taken to ensure that no faxes can be read without authorisation or can be sent either without authorisation or unintentionally. Users must therefore be trained in use of the fax programs and made aware of the potential risks.

Authentication of employees on the fax server is especially important. This can be effected explicitly via a fax client or else by logging on to a directory service, a domain controller (in a Microsoft Windows NT environment) or an e-mail system. Where employees are authenticated to the fax server over a client, if possible the logon password should not be stored on the hard disk as that would invalidate its value as a security mechanism. Anyone who has access to the appropriate fax client can send faxes under another name and read incoming fax transmissions without authorisation. Moreover, employees should be encouraged to log off from the fax server after collecting incoming fax transmissions and sending outgoing faxes. Steps should be taken to ensure that the computer is protected when staff leave their desks, e.g. through the use of password-protected screen savers or some mechanism of the operating system used (see S 4.1 Password protection for IT systems and S 4.2 Screen lock).

11. Repairs and maintenance

There should also be procedures covering repairs and maintenance work performed on the fax server. System administrators must know whom to contact when maintenance work or a repair is necessary. Procedures for handling faulty data media and especially faulty hard disks must also be defined.

Additional controls:

- Are the procedures for use of the fax server regularly updated in line with changes to the environment in which they are used?

- Are procedures covering the forwarding of incoming fax transmissions when recipients are absent from the office in force?

- Are there any procedures relating to training of staff in the use of fax programs?

IT-Baseline Protection Manual: October 2000
