IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
S 4.112 Secure operation of the RAS system
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrator
For the secure operation of a RAS system it is essential that the hardware and
software components of the system have been securely installed and
configured. Safeguards S 4.110 Secure installation of the RAS system and
S 4.111 Secure configuration of the RAS system must therefore have been
performed before the RAS system goes live. In addition, all the organisational
processes must have been defined and implemented (e.g. reporting channels
and responsibilities). It should also be noted that the desired level of system
security can only be assured if the physical security of the hardware
components which make up the RAS system is also assured (see also S 4.110
Secure installation of the RAS system).
The security of a RAS system can be roughly broken down into three areas:
1. the security of the RAS server,
2. the security of the RAS client and
3. the security of data transmission.
Whereas the desired level of security of the RAS server can be controlled
through implementation of local security guidelines, the RAS client is
typically not under the complete control of the IT personnel who are
responsible for the LAN. The security of data transmission media is generally
completely out of their control. For this reason, protection of communications
between client and server must be secured by additional means.
In the environment of the RAS server the following recommendations for
secure operation should be considered:
- RAS access should be continuously monitored using logging and
management tools.
- The information collected in the course of monitoring should be regularly
reviewed by a trained administrator. This person should if possible be
supported with a log file analysis software tool. The data protection
regulations must be considered (see also S 2.110 Data privacy guidelines
for logging procedures).
- If any security incidents are detected, the measures previously specified
must be implemented immediately. The identified security incidents should
be documented in an incident report (see also module 3.8 Handling of
security incidents on this point).
- In order that a controlled user authentication procedure (e.g. Remote
Access Service under Windows NT, RADIUS, TACACS, TACACS+,
SECURE-ID) is possible for RAS access, the consistency of the
authentication data must be assured. This can be effected either through
central administration of the data (using an authentication server) or else
through periodic synchronisation.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
Monitoring of RAS
access
Regular analysis of log
files