IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
S 5.9 Logging at the server
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrators
The logging possible on the network server should be activated to a sensible
degree. At regular intervals, the network administrator must screen the log
files of the network server. In this context, the following occurrences are of
particular interest:
- entry of a wrong password for a user ID, to the barring of the user ID
when the limit of unsuccessful attempts has been reached;
- attempted violation of access rights;
- power failure
- data on capacity utilisation and network congestion.
As, in the course of time, these files can become very voluminous, the
intervals between analyses should be short enough to allow efficient analysis.
Additional controls:
- Who analyses the log files at what intervals?
- Are the analyses being documented?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000