IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
S 5.8 Monthly security checks of the network
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrators
The network administrator should perform at least monthly security checks of
the network. Some network operating systems offer programs which automate
these checks. One example is the program SECURITY in the directory
SYS:SYSTEM within Novell 3.11. The parameters checked include the
following:
- Are there any users without a password?
- Are there any users who have not used the network for some time?
- Are there any users whose passwords do not meet the prescribed
requirements?
- Which users have the same rights as the supervisor?
UNIX systems also come with programs which enable such checks to be
performed automatically. A large number of public domain and commercial
programs offer additional test capabilities. Some of these programs are
described in S 4.26 Regular security checks of the UNIX system. The secure
UNIX administration tool developed by the BSI (USEIT) also offers extensive
facilities for checking the network security of a UNIX system. The tests
performed include the following:
- checking for log-ins without passwords or with only weak passwords,
- checking of preconfigured minimum password length,
- checking of network services and their configuration,
- penetration testing in the local subnetwork,
- inconsistency checks of system files and the system,
- checking for insecure ports and services.
Additional controls:
- Are the performance and results of such security checks documented?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000