IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
S 4.64 Verification of data before transmission /
elimination of residual information
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrator, IT users
Before a file is dispatched via e-mail or placed on a WWW-server, or before a
data medium is transferred to another party, a check must be made as to
whether the file/data medium holds residual information not intended for
public attention. Such residual information can have a variety of origins
entailing a corresponding variety of measures which need to be taken. The
most common sources of such residual information are described in the
following.
In general, files generated with standard software such as word processing and
spread-sheet programs should be checked for residual information. Some of
this information is stored with, and some without the user being aware of this.
Before files are forwarded, they should at least be spot-checked for the
presence of undesired additional information. For this purpose, a different
editor should be used than the one with which the file was originally created.
In this process, it must be noted that not all residual information can be
deleted directly without disrupting the file format. If, for example, certain
bytes are deleted from a file generated with a particular word processor, the
software might no longer recognise the file format. To eliminate residual
information:
- The file can be stored in a different format, e.g. “Text only“ or HTML
- The useful data can be copied to another instance of the same standard
software on an IT system which does not run any other applications. This is
particularly advisable in the case of files with a long history of
modifications.
To prevent the forwarding of information which was originally added on
purpose by the creator of the document - such as text in “hidden“ format - but
whose presence was later forgotten, it might prove useful to print out the file.
For this purpose, all printer options for outputting hidden formats should be
activated.
Residual information / slack bytes
Every operating system has a smallest possible physical memory unit of a
specified size. Under DOS, this unit is termed sector and has a size of 512
bytes. Under UNIX, this unit is termed block, and its size depends on the type
of UNIX system in use. Under DOS, the individual sectors of a partition are
grouped logically into clusters. The number of sectors in a cluster depends on
the size of the partition. When a file is opened, one or more clusters are
allocated to it. The last cluster is not occupied fully, unless the size of the
stored file happens to be an exact multiple of the cluster size.
This takes up memory. The average storage space required increases with the
cluster size. As the cluster size, in turn, increases with the partition size, the
latter should not be allowed to exceed a certain limit. Example: Given a
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000