19.12.2012

IT Baseline Protection Manual - The Information Warfare Site



Safeguard Catalogue - Hardware & Software Remarks


    time intervals at which subsequent attempts at authentication are allowed become progressively longer.
  - Certain minimum values can be specified for security-related parameters. For example, passwords should have a minimum length of six characters.
  - After the mouse or keyboard has remained inactive for a certain period of time, a screen saver is activated automatically. This screen saver can only be deactivated following renewed identification and authentication.

- Telecommuting workstations must have an access control mechanism. The following conditions must be met, in particular:
  - Telecommuting workstations can distinguish between different types of users. It is possible to configure at least two separate roles on a telecommuting workstation, namely, administrator and user.
  - Access to files and programs can be regulated using differentiated allocation of rights (read, write, execute, ...).

- If a telecommuting computer is to be equipped with a logging mechanism, the following features might be advisable:
  - It should be possible to parametrise the minimum logging scope of the telecommuting computer. For example, the following actions and errors should be included in logs:
    - For authentication: user ID, date and time, success, ...
    - For access control: user ID, date and time, success, type of access, what was changed, read, written, ...
    - Implementation of administrative activities
    - Occurrence of operational errors.
  - Unauthorised persons must neither be able to deactivate the logging function, nor should they be able to read or edit the actual logs.
  - Logs must be clear, complete and correct.

- If a telecommuting computer is to be equipped with a log evaluation function, the following features might be advisable:
  - An evaluation function must be able to distinguish between the various data types contained in a log (e.g. "filtration of all unauthorised attempts at accessing any resource over a specified time period").
  - The evaluation function must be capable of generating transparent, readable reports so that no critical security-related activities can be overlooked.

- Telecommuting computers should be equipped with data backup functions. At least the following requirements must be met by these functions:


IT-Baseline Protection Manual: October 2000
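The log evaluation function described above ("filtration of all unauthorised attempts at accessing any resource over a specified time period"), as an added example that is not part of the manual: it filters denied access-control events within a time window and produces a readable report. The pipe-separated record format, the field names and the sample lines are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample log (not from the manual). Assumed record format:
# time|event|user_id|access_type|resource|result
SAMPLE_LOG = """\
2000-10-02T08:01:12|auth|alice|login|-|success
2000-10-02T08:03:40|access|alice|read|/home/alice/report.doc|success
2000-10-02T08:05:02|access|bob|write|/home/alice/report.doc|denied
2000-10-02T09:15:27|auth|bob|login|-|failure
2000-10-02T09:16:01|access|bob|read|/data/payroll.xls|denied
2000-10-03T07:55:00|access|carol|execute|/usr/sbin/backup|denied
this line is damaged
"""
FIELDS = ("time", "event", "user", "access", "resource", "result")

def parse(log_text):
    """Return (records, rejected); damaged lines are counted, never dropped silently."""
    records, rejected = [], []
    for line in filter(str.strip, log_text.splitlines()):
        parts = line.strip().split("|")
        try:
            if len(parts) != len(FIELDS):
                raise ValueError("wrong field count")
            rec = dict(zip(FIELDS, parts))
            rec["time"] = datetime.fromisoformat(rec["time"])
        except ValueError:
            rejected.append(line)
            continue
        records.append(rec)
    return records, rejected

def unauthorised_access(records, start, end):
    """Denied access-control events with start <= time < end."""
    return [r for r in records
            if r["event"] == "access" and r["result"] == "denied"
            and start <= r["time"] < end]

def report(hits, rejected):
    """Readable report: one line per event, per-user totals, damaged-line count."""
    lines = [f'{r["time"]:%Y-%m-%d %H:%M:%S}  {r["user"]:<8}{r["access"]:<8}{r["resource"]}'
             for r in hits]
    totals = Counter(r["user"] for r in hits)
    lines += [f"total for {user}: {n}" for user, n in sorted(totals.items())]
    lines.append(f"unparseable log lines: {len(rejected)}")
    return "\n".join(lines)

if __name__ == "__main__":
    recs, bad = parse(SAMPLE_LOG)
    print(report(unauthorised_access(recs, datetime(2000, 10, 2), datetime(2000, 10, 3)), bad))
```

Reporting the count of unparseable lines alongside the hits supports the requirement that logs be complete: a damaged record shows up in the report instead of vanishing from the evaluation.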
