19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks

As soon as the installation of a minimal operating system is complete, various programs which could be helpful to a potential attacker should be deleted. In particular, any compilers which may be present should be removed, because these could be a valuable tool for an attacker. Another reason why it is not advisable to have compilers on Internet servers is that these computers are production machines, and program development and tests should be carried out on other computers. It is also conceivable to delete all editors, which would make it much more difficult for an attacker to manipulate configuration files. If the editors are deleted, though, administration also becomes more complicated. If changes need to be made to configuration files, either an editor has to be installed on a case-by-case basis or, and this is recommended, the configuration files have to be edited on a different computer and then transferred.
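A check for the cleanup step described above, as an added example that is not part of the manual: a POSIX shell function that lists compilers and editors still present under a system root. The tool names, the directory list, the function names and the script name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a system root for leftover compilers and editors.
# The name and directory lists are assumptions; extend them per platform.
COMPILERS="cc gcc g++ c++ clang clang++ tcc javac rustc go"
EDITORS="vi vim nano ed ex emacs pico joe"
BIN_DIRS="bin sbin usr/bin usr/sbin usr/local/bin usr/local/sbin"

# find_tools ROOT CLASS NAME...
# Print "CLASS<TAB>PATH" for every matching tool, including versioned
# names such as gcc-12.
find_tools() {
    ft_root=$1; ft_class=$2; shift 2
    for ft_name in "$@"; do
        for ft_dir in $BIN_DIRS; do
            for ft_cand in "$ft_root/$ft_dir/$ft_name" \
                           "$ft_root/$ft_dir/$ft_name"-[0-9]*; do
                # An unmatched glob stays literal and fails both tests.
                # Symlinks count even if their target is outside ROOT.
                if [ -L "$ft_cand" ] ||
                   { [ -f "$ft_cand" ] && [ -x "$ft_cand" ]; }; then
                    printf '%s\t%s\n' "$ft_class" "$ft_cand"
                fi
            done
        done
    done
}

# audit_dev_tools ROOT
# List all findings. Exit status 1 if a compiler is present (the text says
# compilers should be removed); editors are reported but do not fail the audit.
audit_dev_tools() {
    ad_root=${1%/}
    # Word splitting of the name lists is intended here.
    ad_found=$(find_tools "$ad_root" compiler $COMPILERS
               find_tools "$ad_root" editor $EDITORS)
    [ -n "$ad_found" ] && printf '%s\n' "$ad_found"
    if printf '%s\n' "$ad_found" | grep -q '^compiler'; then
        return 1
    fi
    return 0
}

# Stand-alone use: sh audit.sh --audit /mnt/image  (script name is hypothetical)
if [ "${1:-}" = "--audit" ]; then
    audit_dev_tools "${2:-/}"
fi
```

Editors are reported without failing the audit because the text treats their removal as optional, with a cost in administration effort.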

A minimal operating system should of course not be an end in itself. It goes without saying that, for an Internet server, the server service itself still has to be installed. It depends on the particular installation whether this is done at the end of the above list or between points 6 and 7, for example, or even immediately after point 1. It becomes problematic if the installation fails because operating system packages are absent, because in that case the missing packages have to be located and reinstalled manually. It would be better if the vendor of the server service specified the operating system dependencies, so that the minimal system could be brought into line with these from the outset.

Even a computer configured with a minimal system is not entirely protected against attacks. The most probable cause of a successful attack is no doubt the server service, but the minimal system itself is also still open to attack, in particular the TCP/IP stack, which has to forward the network packets to the application. Almost all attacks against the TCP/IP stack that have so far come to light, however, have only affected availability, with the computers concerned being caused to crash; this means that infiltration of computers has not yet been observed. In order to reduce even this risk yet further, S 4.98 Restricting communication to a minimum with packet filters should also be implemented.

IT-Baseline Protection Manual: October 2000
