19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Hardware & Software

S 4.16 Restrictions on access to accounts and/or terminals

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

The account and/or terminal of a user should be blocked outside regular working hours. If this involves an unreasonable amount of time and effort (for instance in case of very irregular or frequently changing working hours), blocking should be effected at least during the standard non-working periods.

If staff members are employed only on one particular terminal or IT system within the network, use of the user ID and of the associated password is to be confined to this computer so that logging-in from another computer will be precluded. In particular, the Administrator should if possible only log on from the console. It is also possible to enforce this through technical means (see also S 4.21 Preventing unauthorised acquisition of Administrator rights).

For terminals under UNIX, the respective user must be entered as the owner of the given logical device. When he has logged out, root should automatically revert to being the owner. Only the respective user should have read access for this purpose. If a user wishes to receive messages from other system users (e.g. through talk), he must grant them write access rights to the device driver. The actual need for this must be checked.
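The device-file rules above can be checked mechanically. The following is an added example, not part of the manual: the names `Tty`, `from_device`, `audit_tty` and `audit` are hypothetical, the sample records are constructed, and the caller is assumed to know which user (if any) is logged in on each terminal.

```python
import os
import pwd
import stat
from typing import NamedTuple, Optional

class Tty(NamedTuple):
    path: str                     # terminal device file
    owner: str                    # current owner of the device file
    mode: int                     # permission bits
    session_user: Optional[str]   # user logged in on it, None if nobody is

def from_device(path, session_user=None):
    """Build a record from a real device file (UNIX only)."""
    st = os.stat(path)
    owner = pwd.getpwuid(st.st_uid).pw_name
    return Tty(path, owner, stat.S_IMODE(st.st_mode), session_user)

def audit_tty(t):
    """Return the S 4.16 findings for one terminal device."""
    findings = []
    expected = t.session_user or "root"   # after logout, root owns it again
    if t.owner != expected:
        findings.append(f"owner is {t.owner}, expected {expected}")
    # Only the respective user may read the device.
    if t.mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable by group/other")
    # Write access for others (e.g. talk) is tolerated only if really needed.
    if t.mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group/other: confirm messaging is needed")
    return findings

def audit(ttys):
    """Map device path to findings, leaving out devices with none."""
    report = {}
    for t in ttys:
        findings = audit_tty(t)
        if findings:
            report[t.path] = findings
    return report

# Constructed sample records, not taken from a real system.
SAMPLE = [
    Tty("/dev/tty1", "alice", 0o600, "alice"),  # compliant
    Tty("/dev/tty2", "bob", 0o620, "bob"),      # messages enabled
    Tty("/dev/tty3", "carol", 0o600, None),     # owner not reset at logout
    Tty("/dev/tty4", "dave", 0o644, "dave"),    # readable by everyone
]

if __name__ == "__main__":
    for path, findings in audit(SAMPLE).items():
        print(path, "; ".join(findings))
```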

In PC networks, the number of simultaneous log-ons under one account from several PCs can be restricted. To protect against unnoticed penetration by intruders, steps should be taken to ensure that users are prevented from logging on to more than one PC at a time.

Additional controls:

- Have time frames, i.e. temporary access restrictions, been configured for all accounts and terminals?

IT-Baseline Protection Manual: October 2000

Remarks:

- Blocking outside working hours
- Limit to certain IT systems
- Granting of attributes to device files
