IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Safeguard Catalogue - Hardware & Software Remarks<br />

____________________________________________________________________ .........................................<br />

- <strong>The</strong> data backup program is user-friendly and fast, allowing<br />

automatic execution.<br />

- Specifications can be made as to which data should be backed up<br />

when.<br />

- An option for loading any required data backup is available.<br />

- It is possible to backup several generations.<br />

- It is possible to backup instantaneous data at specified intervals<br />

while an application is being run.<br />

- If the telecommuting computer is to be equipped with an encryption<br />

component, the required functionality must first be determined: <strong>Manual</strong><br />

encryption of selected data (offline) or automatic encryption of the entire<br />

hard disk (online). A prerequisite here is that a suitable encryption<br />

algorithm is used and that data lost on the occurrence of a malfunction<br />

(power failure, encryption error) can be restored by the system. In addition,<br />

the following features are recommended:<br />

- Encrypted algorithms used by government agencies should be<br />

approved by the BSI. Individual consultation by the BSI is<br />

recommended in this case. Outside government agencies, the DES is<br />

suitable for medium security requirements, while the triple DES is<br />

suitable for high security requirements.<br />

- Key management must be harmonious with the functionality of the<br />

telecommuting computer. In particular, fundamental differences<br />

between algorithms must be considered here: Symmetric techniques<br />

use a confidential key for encrypting and decrypting; asymmetric<br />

techniques use a public key for encrypting and a private<br />

(confidential) key for decrypting.<br />

- <strong>The</strong> telecommuting computer must safely manage critical security<br />

parameters such as keys. <strong>The</strong>se keys (including ones which are no<br />

longer in use) must never be stored on the telecommuting computer<br />

in an unprotected - i.e. readable - form.<br />

- If a telecommuting computer is to be equipped with an integrity checking<br />

mechanism, the following features are advisable:<br />

- Integrity checking procedures should be used which can reliably<br />

detect intentional manipulation of <strong>IT</strong> and data on the telecommuting<br />

computer, as well as unauthorised installation of programs.<br />

- Mechanisms should be used which can detect intentional<br />

manipulation of address fields and payload data during data<br />

transmission. Mere identification of the employed algorithms<br />

without the need for certain additional details should not suffice to<br />

perform secret manipulation of the above-mentioned data.<br />

- Telecommuting computers should be equipped with a boot protection<br />

mechanism which prevents unauthorised booting from exchangeable data<br />

media such as floppy disks and CDs.<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!