19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation

S 2.204 Prevention of Insecure Network Access

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrator, Auditor

Every insecure access to a network constitutes an enormous security loophole. Therefore every communication to the internal network must without exception be effected over a secure channel. This could, for example, be a firewall (see Section 7.3).

Procedures must be laid down to ensure that no other external connections can be established by circumventing the firewall. All the users must be informed as to the dangers associated with the creation of unchecked access routes, e.g. using modems which staff have brought into work with them.

All external network access routes should be recorded centrally (see Section 2.1). Furthermore, sampling methods should be used to review whether additional network access routes have been established over modems or by any other means. For example, predefined auto-dial call numbers can be tested to see whether any data transmission facilities are activated in response.

Data transmission should be properly controlled in all organisations. All data transmission facilities should be approved and their use should be subject to clear rules and procedures. This concerns not only routers, modems and ISDN cards, but also infrared or radio interfaces.

Data transmission should be properly controlled in all organisations. In particular, the following points should be specified:

- persons responsible for installation, maintenance and support
- the user population and usage entitlements
- predefined requirements and security measures covering usage
- possible communications partners
- times during which facilities may be used
- arrangements for covering staff absences
- record-keeping
- secure configuration of data transmission facilities

Examples of the above will be found in S 2.61 Procedures Governing Modem Usage and S 2.179 Procedures Controlling the Use of Fax Servers.

Additional controls:

- Are all external network access routes documented?
- Have procedures been defined for the use of data transmission facilities?
- Are the procedures governing the use of data transmission facilities regularly adapted to the operational environment and to technical developments?

IT-Baseline Protection Manual: October 2000
