
IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation

S 2.187 Definition of a set of RAS security guidelines

Initiation responsibility: IT Security Management Team

Implementation responsibility: IT Security Management Team, Administrator

As part of the process of planning RAS access to a LAN, it is also necessary to define a set of security guidelines for remote access. The organisation-wide IT security guidelines must be modified and expanded accordingly. The RAS-specific rules must be documented and updated in the event of any changes.

The security rules governing remote access to the local network must be distributed to all users who will be allowed remote access (see also S 2.184 Development of a RAS concept). The rules contained in the security guidelines should cover the following subject matter:

- Which users may access what data?
- Which users may use which applications?
- Which users may access which services and computers?
- Which users may establish a connection, at what times and with which RAS connection?
- Which administrators have which tasks?
- Which authentication mechanisms must be used for access?
- Which access rights are granted to each RAS user?
- Is write access to data permitted?
- Is only a special data area to be used for write access (e.g. an incoming directory)?
- How are multiple authentication errors handled (e.g. by lengthening the timeout, blocking users or blocking RAS access)?
- Under what circumstances can a blocked RAS connection be activated again? What is the organisational sequence of events that this entails?
- Under what circumstances can a RAS connection also be released remotely? What is the organisational sequence of events that this entails?
- What data is logged?

This list of questions must be expanded, modified and made specific so as to take local circumstances into account. This process should entail consideration of the existing security guidelines. The general security requirements must not be undermined by the RAS security guidelines.

Within the framework of the IT security concept, the rules provided in the RAS security guidelines should also specify possible responses to breaches of the rules. Every RAS user must be aware of these.

Remarks (margin notes): Document and update rules. Inform all users. Take into account existing guidelines.

IT Baseline Protection Manual: October 2000
