IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Personnel Remarks
____________________________________________________________________ .........................................
S 3.19 Instructions concerning the correct use of the
security functions in Peer-to-Peer networks
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: IT Security Management, Administrators
Instructions concerning the correct use of security functions are particularly
important in Peer-to-Peer networks under WfW and Windows 95, where the
users themselves have to carry out security tasks. Each user must therefore be
trained in advance regarding the following points:
Data exchange using shared directories
- The user must be trained in the correct use of the sharing of resources and
the correct cancellation of directory sharing. Particular emphasis should be
placed on the possibility of concealing shared directories or printers by
adding the character "$" so that other users cannot see that sharing has
been granted. It should be pointed out that the incentive for attacks can be
reduced if share names are used which do not provide information on the
contents and if resources are only shared for as long as required.
- The meaning of the options when sharing or connecting directories or
printers should be made clear and the adherence to the various settings
pointed out:
"share on start-up" automatic sharing when WfW is started,
without user interaction
"Connect on start-up" automatic connection when restarting
"Save password in the password
list"
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
Storing of the password (critical to
security) so that it does not have to be
re-entered when connecting the next
time
Users of Windows 95 and Windows NT must take note that every enabled
share must explicitly be undone, otherwise it will still apply after a restart
- The names of the access rights under WfW and Windows 95 are not self
explanatory and have to be explained:
"Write-protected access" Right to read files and execute
programs
"Read/write access" Right to read/write files, execute
programs, create and delete files
"Access dependent on password" The right to read and write files can be
granted separately
Within Windows 95 all users can choose between the rights "writeprotected
access", "all access rights" and "user-defined" if access
protection is implemented at the user level. Users must then be notified that