IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
If the installation of central network management is being considered, it
should be located in a secure area. Access to this centre should be controlled
using organisational measures. For the relevant provisions, c.f. Chapter 4.3.2
Server Room. The management computers from which work can be carried
out should be protected by suitable safeguards. See Chapter 5.1 DOS PC
(single user) and 5.2 UNIX system.
Logging of maintenance work
It must be possible at all times to get a picture of the current plant
configuration, i.e. allocated call numbers and rights, activated and de-activated
user facilities, established follow-me groups, etc. For this purpose, the changes
made must be logged. A neat solution is forced logging by means of a PC
gateway.
Additional controls:
- Has external remote maintenance been disabled?
- Is it ensured that the remote access is not switched on a direct-access line?
- Who can, from where, call the remote access?
- Who has access to the remote-maintenance centre?
- Is the remote maintenance centre accommodated in a protected area?
- Are all instances of remote-maintenance access and all related entries being
logged?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000