19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Communications

also occur even without a query during booting. Therefore, an early check for correctness must be made of such a file.

- The /etc/exports and /etc/fstab files (or similar files on other systems) are system files to which only the system administrator may have access.
- File systems to be exported should be installed on a separate disk or partition so that, for instance, a user will be prevented from filling the system disk by writing without authorisation.
- For mounting of exported file systems, the nosuid option must be used in order to prevent execution of suid programs on the client.
- Where possible, the NFS daemon should be configured in such a way that it will automatically carry out a check of the port numbers in order to ensure that only packets from the privileged ports 0 - 1023 will be accepted.
- For identification of files, so-called file handles are used between client and server, which can be guessed easily. Therefore, they should be randomised by means of the fsirand programme.
- Where available, SECURE NFS should be used to ensure that data will be transmitted in encrypted form. In this respect, the following steps are important:
  - generation of keys for all NFS users;
  - deletion of the public key for the user nobody;
  - rpc.ypupdated must not be run on the NIS master server;
  - transfer of the public key map to all computers before SECURE NFS is started;
  - use of keylogin and keylogout for the generation and deletion of private keys when logging in and out;
  - the keyserv daemon must be run on every client;
  - the secure option must be used for mounting;
  - the clocks in all computers must be synchronised since the transmitted packets are provided with timing marks in order to prevent replay of messages.
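The nosuid and privileged-port safeguards in the list above can be checked mechanically. The script below is an added example, not part of the manual: the function names are hypothetical, the sample entries are constructed, and the export check assumes the Linux exports(5) syntax, where the `insecure` option disables the privileged-port check.

```sh
#!/bin/sh
# Added example (not from the manual): audit NFS settings for two of the
# safeguards above. Reads a file named as argument, or stdin if none is given.

# Print the mount point of every NFS entry in fstab-format input that is
# mounted without the nosuid option.
nfs_missing_nosuid() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }            # skip comments, short lines
        $3 ~ /^nfs4?$/ {
            found = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "nosuid") found = 1
            if (!found) print $2
        }' "$@"
}

# Print every exported path whose options include "insecure", which in the
# Linux exports(5) syntax assumed here switches off the check that requests
# come from a privileged source port (below 1024).
exports_unprivileged_ports() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }
        {
            for (i = 2; i <= NF; i++) {
                o = $i
                sub(/^[^(]*\(/, "", o)           # drop "client(" prefix
                sub(/\).*$/, "", o)              # drop trailing ")"
                sub(/^-/, "", o)                 # "-opts" default-option form
                n = split(o, opt, ",")
                for (j = 1; j <= n; j++)
                    if (opt[j] == "insecure") { print $1; next }
            }
        }' "$@"
}

# Constructed sample input; host names and paths are made up.
echo "NFS mounts without nosuid:"
nfs_missing_nosuid <<'EOF'
srv1:/export/home    /home       nfs   rw,nosuid,hard  0 0
srv1:/export/tools   /tools      nfs   ro,hard         0 0
/dev/sda1            /           ext4  defaults        0 1
EOF
echo "Exports accepting unprivileged source ports:"
exports_unprivileged_ports <<'EOF'
/export/home   client1(rw,sync) client2(rw,sync)
/export/tools  client1(ro) *.lab.example(ro,insecure)
EOF
```

On a live system the same functions take the real files as arguments, for example `nfs_missing_nosuid /etc/fstab`; continuation lines in an exports file are not handled.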

IT-Baseline Protection Manual: October 2000
