IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Safeguard Catalogue - Hardware & Software Remarks<br />

____________________________________________________________________ .........................................<br />

created with a new password. This "new" administrator then has full access<br />

to all the computer’s resources and thus to all data and programs. In order<br />

to prevent this possibility of re-installation, users must not be in a position<br />

to change the file BOOT.INI in the root directory of the first disk (see S<br />

4.53 Restrictive allocation of access rights to files and directories under<br />

Windows NT).<br />

- With the aid of the installation programs an emergency disk (see S 6.42<br />

Creating start-up disks for Windows NT), can also be produced and used to<br />

carry out a system reconstruction. In the process, access protection of the<br />

NTFS partition of the operating system is cancelled. For this reason it is<br />

absolutely essential to safeguard the installation programs, an emergency<br />

disk which may already exist and the set-up disks in such a way that they<br />

are protected against unauthorised access. This specific threat can also be<br />

countered by protecting the disk drives with drive locks (see S 4.4 Locking<br />

of floppy disk drive slots) and safeguarding the boot procedure by means of<br />

the appropriate BIOS setting (see above).<br />

Under Windows NT, logging-on to the server is only possible for users to<br />

whom the user right "Local log-on" has been given. <strong>The</strong>se users are restricted<br />

to the rights and permissions assigned to them. To avoid misuse of the<br />

possibilities for logging-on to the server, provision must be made for the user<br />

rights, and the allocations to user groups, to be correspondingly restrictive (see<br />

safeguards S 2.93 Planning of the Windows NT network and S 4.50 Structured<br />

system administration under Windows NT).<br />

Additional controls:<br />

- Is the safeguarding of any existing disk drives checked regularly?<br />

- Are there regular checks to ensure that no parallel installation of another<br />

operating system exists?<br />

- Are the BIOS settings which prevent booting from media other than the<br />

hard disk checked regularly?<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!