IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
S 4.83 Updating / upgrading of software and
hardware in network components
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrators
Updating software can eliminate vulnerabilities and extend functions. This
applies, for example, to the operating software of active network components
such as switches and routers, as well as network management software. An
update is especially necessary on the detection of vulnerabilities which might
affect the secure or reliable operation of the network, if a fault occurs
repeatedly, or if a function needs to be extended for security-related or
technical reasons.
Upgrading of hardware can also be advisable in certain cases, for example, if a
new version of a switch provides a higher transfer and filter rate. Such
measures can, under certain circumstances, increase the availability, integrity
and confidentiality of data.
Before an update or upgrade is performed, however, the functionality,
interoperability and reliability of the new components must be examined
thoroughly. This is done best in a physically isolated test network, before the
updated or upgraded product is actually put into regular operation. (refer to S
4.78 Careful modifications of configurations).
Additional controls:
- Are updates and upgrades checked for proper interoperability with existing
components before being put into productive operation?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000