IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
- “Enforce alphanumeric passwords“ should be set. Thus letter and numeral
combinations become obligatory.
- The options “Request confirmed log-on in Windows NT or LAN manager
domain“ and “Allow caching of passcode words“ are not considered at this
point as the interplay of WfW with Windows NT or LAN manager was not
investigated.
The administrator settings must be specified:
- The administrator must specify a password for the created configuration
file WFWSYS.CFG, which may only be known to himself and his
substitute. This password must be deposited securely (cf. S 2.22 Depositing
of Passwords).
- Pre-set security profiles may be accepted from a server via “Update
options“. Furthermore, it is also possible to set them so that at the start of a
client, the security configuration file of the server is checked, and, in the
event of changes, the local file is updated. This makes central
administration of the WfW network, simple addition of further WfW
computers and changing of the password for the configuration files easier
for the WfW administrator.
When configuring a Windows-for-Workgroups computer, the administrator
also needs to consider the following points:
- The pre-set option “Share again on startup“ must be deactivated in the
sharing dialogues (file and print manager).
- The pre-set option “Store password in password list“ must be deactivated
in the connection dialogues (file and print manager).
- In the program group SYSTEM CONTROL under network, the computer
name, the name of the work group and the standard log-on name should be
pre-set in accordance with the name convention.
- The WfW protocol must be activated (in the program group SYSTEM
CONTROL under network). In this case, all events should be recorded and
the protocol file should be set up to be sufficiently large (e.g. 32 KB).
- In the program group SYSTEM CONTROL under network, an option
should be set up via the button start indicating whether the computer’s own
applications or access by others should be treated with priority. If access by
others is subordinate, priority in favour of more rapid execution should be
selected.
- During the use of Schedule+, the right granted by default to view open and
assigned time blocks must be deactivated for all unauthorised WfW users.
Otherwise every user at the same post office will be able to view individual
appointments in the time schedule.
If a post office is configured for use by several persons for the purpose of
communications or joint appointment scheduling, a corresponding data
backup should be performed at appropriate time intervals. This is required to
prevent inadvertent or intentional deletion of the post office, which is not
protected automatically under WfW.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000