IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software M
Remarks
____________________________________________________________________ .........................................
S 4.24 Ensuring consistent system management
Initiation responsibility: Head of IT section, IT security management,
Administrator
Implementation responsibility: Administrators
In many complex IT systems, e.g. under UNIX or in a network, there is an
Administrator role which is not subject to any restrictions. Under UNIX, this
is the superuser root; in a Novell network, it is the SUPERVISOR or admin.
Lack of restrictions will result in a particularly high risk of error or abuse.
In order to avoid errors, operations should be carried out under the superuser
log-in only when this is necessary; other work should not even be carried out
by the Administrator under the Administrator ID. In particular, no programs
belonging to other users should be invoked under the Administrator ID. Also,
routine system management (e.g. backup, installation of a new user) should be
possible only via menu selection.
Appropriate allocation of tasks, specification of guidelines, and measures for
co-ordination are required to ensure that Administrators do not perform any
inconsistent or incomplete operations. For instance, a file must not be edited
and modified by several administrators at the same time, as, in that case, only
the version saved last would be preserved.
If there is a risk of the lines to the terminals being tapped, then, to prevent
interception of passwords, the Administrator should only work at the console.
When administering UNIX systems, communications can be encrypted using
the Secure Shell protocol. This enables remote workstations to be
administered securely (see also S 5.64 Use of Secure Shell).
For all Administrators, supplementary user IDs which have only those
restricted rights which the Administrators need for performing nonadministrative
tasks must be configured. For non-administrative activities,
Administrators should exclusively use these supplementary user IDs.
All changes performed should be documented so that they can be traced back
and also to facilitate task allocation (see also S 2.34 Documentation of
changes made to an existing IT system). To review activities performed by the
Administrator, a log can be prepared of the commands input using the UNIX
command script. This command logs the entire terminal session in an ASCII
file. Such a file can then if required be appended to an electronic or hard copy
administration journal.
Additional controls:
- What steps are taken to ensure that intervention by an Administrator will
not lead to inconsistencies?
- Are backups made before any major intervention?
- Do all Administrators have supplementary user IDs with restricted rights?
- Are the supplementary user IDs used as default?
- Is an administration journal maintained? Are all changes documented
there?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
Do not work under
superuser log-in
Agreement among
Administrators
Use Secure Shell
Document changes