IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Personnel Remarks
____________________________________________________________________ .........................................
directories should never be approved with "all access rights". Ideally, they
are user-defined with read and write privileges for other users
Awareness of security
- The user should be instructed in the security-relevant controls he must
implement. He must also be informed of how the network monitor and log
functions are to be used.
- The use and exchange of passwords should be explained in accordance
with the security strategy.
- Under WfW and Windows 95 the user must be informed that
- passwords for access to resources of other computers are stored in
the file [username].pwl,
- under WfW the resources of other WfW computers are entered in the
file connect.dat, which are automatically connected when WfW is
started,
- the user's own resources are entered in the file shares.pwl, which are
automatically shared when starting.
These files can be deleted by users without infringing the system integrity.
This is particularly sensible for the file [username].pwl if passwords have
accidentally been saved.
- In the event that name conventions exist for the computers and users in the
network, the users should be informed of these and any names which have
already been allocated.
Additional controls:
- Have all users of the WfW network been sufficiently trained?
- Are certain aspects of the awareness training repeated at irregular
intervals?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000