IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
S 4.49 Safeguarding the boot-up procedure for a
Windows NT system
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrators
Windows NT can only be operated securely if there is a guarantee right from
the start of the system that a closed security environment is constructed, i.e.
that there are no ways around the security functions of the operating system.
This requires that all resources which are capable of being protected by
Windows NT are under the control of the operating system and also that there
is no possibility of starting up outside systems or open system environments
which can circumvent the protection offered by Windows NT. In addition, the
following aspects should be taken into account:
- All existing hard disk partitions must be formatted using the NTFS file
system. Partitions formatted using the FAT, VFAT or HPFS file systems
cannot be protected against accesses from users. On the one hand this
means that the data filed on them is exposed to arbitrary accesses from any
user, and on the other hand, that these partitions can be misused for the
uncontrolled exchange of data between users.
- Disk drives constitute a similar risk, as disks under Windows NT can only
be formatted using the FAT or VFAT file systems. For this reason disk
drives on all computers which are not under strict physical control must
always be locked out by fitting disk locks (see S 4.4 Locking of disk drive
slots). On Windows NT clients, the disk drives can also be deactivated for
non-privileged users via the control panel option "Devices\Floppy". This
option should not be made use of on Windows NT servers (see S 4.52
Equipment protection under Windows NT).
- If the computer has an open floppy disk drive or if it is possible to boot
from a connected CD-ROM drive, there is a danger that the computer
could be started up with an operating system other than Windows NT. The
same danger can arise if other operating systems are installed on a local
hard disk. In this case, the user can by-pass the security mechanisms of
Windows NT with the aid of various programs. There are now several
programs which can be used to read, and partially also modify, files
protected under NTFS from a DOS or Linux environment. The security
attributes set by the NTFS file system are ignored both under the MS-DOS
and Linux operating systems. The user therefore has access to all the
computer’s files from MS-DOS or Linux. For this reason, no other
operating systems may be installed on the hard disk besides Windows NT.
Moreover, the boot procedure must be safeguarded by a BIOS setting
protected with a BIOS password in such a way that the system cannot be
started up by any connected disk drive or CD-ROM drive (see S 4.1
Password protection for IT-Systems).
- In the context of a re-installation of Windows NT, there is an opportunity
to update the current installation of the operating system or install a new
version in parallel. In the case of parallel installation, the existing file
structure is not changed, but the pre-defined administrator account is re-
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000