19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Hardware & Software

S 4.47 Logging of firewall activities

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

It must be specified which events are to be logged and who will evaluate the logs. Logging must comply with the data privacy regulations. Earmarking in accordance with § 14 of the BDSG must be particularly observed for protocol data.

The packet filters used must be able to log IP number, service, time and date for every incoming or outgoing packet. Restrictions to specific packets are also possible in this case (e.g. only packets with a special source address).

On the application gateway, the user identification, IP number, service, time and date must be logged for every connection made or aborted, although restrictions to specific connections (e.g. for a special user) are also possible.

It must be possible to switch off logging for certain users so that no essential information is overlooked due to too large a number of log entries. This choice may be made, for example, on the basis of the rights profile of individual users.

The log information of all components should be sent to a central point via a trustworthy route so that the log information cannot be altered prior to final storage.

Special incidents which may be set, such as repeatedly incorrect password entries for a user identification or unauthorised connection attempts, must be emphasised in the log and should lead to the immediate alerting of the firewall administrator.

If proper logging is no longer possible (e.g. because there is no more space on the data medium) the firewall must block all traffic and pass on an appropriate message to the administrator.
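
The alerting and fail-closed requirements above, sketched as an added Python example that is not part of the manual. The class `GatewayLog`, the event names, the record layout, the threshold of three failures and the five-minute window are assumptions made for illustration.

```python
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_LIMIT = 3                   # assumed threshold; the safeguard sets no number
WINDOW = timedelta(minutes=5)    # assumed observation window

class GatewayLog:
    """Hypothetical application-gateway logger (not code from the manual)."""
    def __init__(self, sink, notify):
        self.sink = sink             # stand-in for the central log store
        self.notify = notify         # callable that alerts the firewall administrator
        self.blocking = False        # True once logging has failed: refuse all traffic
        self.failures = defaultdict(deque)

    def record(self, when, user, ip, service, event):
        """Log one connection event; return True if the connection may proceed."""
        if self.blocking:
            return False
        special = self._is_special(when, user, event)
        line = f"{when.isoformat()} user={user} ip={ip} service={service} event={event}"
        if special:
            line += " SPECIAL"       # emphasised in the log
        try:
            self.sink.write(line + "\n")
        except OSError as exc:       # e.g. no space left on the data medium
            self.blocking = True
            self.notify(f"logging failed ({exc}); all traffic blocked")
            return False
        if special:
            self.notify(line)        # immediate alert for special incidents
        return event == "connect"

    def _is_special(self, when, user, event):
        if event != "bad_password":
            return event == "unauthorised"
        recent = self.failures[user]
        recent.append(when)
        while when - recent[0] > WINDOW:   # drop failures outside the window
            recent.popleft()
        return len(recent) >= FAIL_LIMIT

def demo():                                # constructed events; returns the alerts raised
    alerts = []
    log = GatewayLog(io.StringIO(), alerts.append)
    t0 = datetime(2000, 10, 1, 9, 0)       # constructed timestamp
    for i in range(3):                     # three wrong passwords within a minute
        log.record(t0 + timedelta(seconds=20 * i), "alice", "192.0.2.7", "ftp", "bad_password")
    return alerts
```

Once a write to the log fails, `record` refuses every later connection until an administrator replaces the logger, which mirrors the requirement that the firewall block all traffic when proper logging is no longer possible.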

IT-Baseline Protection Manual: October 2000
