IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Safeguard Catalogue - Hardware & Software Remarks<br />

____________________________________________________________________ .........................................<br />

S 4.7 Change of preset passwords<br />

Initiation responsibility: PBX officer; <strong>IT</strong> Security Management; Head<br />

of <strong>IT</strong> Section<br />

Implementation responsibility: Administrators<br />

Many <strong>IT</strong> systems, PBXs and gateway components (e.g. ISDN routers, speechdata<br />

multiplexers etc.) are delivered with default passwords configured by the<br />

manufacturer. <strong>The</strong>se should, as a first step, be replaced by individual<br />

passwords. In this respect, the pertinent provisions on passwords must be<br />

observed (cf. S 2.11 Provisions governing the use of passwords).<br />

Caution: In some PBXs, changes made to the configuration are only filed in<br />

RAM. <strong>The</strong> same applies to password changes. <strong>The</strong>refore, data must always be<br />

saved and a new backup copy made after such an operation. If this is not done,<br />

the default password will again be enforced after any "restart" of the facility.<br />

In addition, a check is required as to whether the default password has actually<br />

become invalid after the specification of a new password, and can thus no<br />

longer be used to access the system.<br />

Additional controls:<br />

- Does the facility still use a default password?<br />

- Have backup copies been made after the allocation and saving of the<br />

individual password?<br />

- Is access to the system still possible with the default password following<br />

the specification of a new password?<br />

- Are the relevant regulations on "password handling" being observed?<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!