IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Safeguard Catalogue - Communications Remarks<br />

____________________________________________________________________ .........................................<br />

S 5.32 Secure use of communications software<br />

Initiation responsibility: <strong>IT</strong> Security Management, Administrators<br />

Implementation responsibility: <strong>IT</strong> users, Administrator<br />

<strong>The</strong> security of computer access via modem is decisively influenced by the<br />

computer software used.<br />

Almost all communications software allows storage of the telephone numbers<br />

and other data of communications partners. Such person-related data must be<br />

protected appropriately.<br />

Passwords for access to other computers and modems should not be stored in<br />

the communications software, even if this appears convenient; every person<br />

having access to the <strong>IT</strong> system and the communications software can then<br />

access other systems under a different user name (cf. S 1.38 Suitable<br />

installation of a modem and S 2.8 Granting of (application/data) access<br />

rights).<br />

Several communications programmes allow data transfer to take place<br />

unobserved in the background, e.g. within Windows. This feature should only<br />

be used with trustworthy communication partners, as it is possible to interrupt<br />

data transmission and transfer data of a different, unauthorised nature from/to<br />

the local computer. In this manner, for example, viruses could be smuggled<br />

into the local computer or confidential data could be copied. Protocols<br />

allowing full-duplex transmission, i.e. simultaneous transmission and<br />

reception, are also available. Such transmission protocols must only be used<br />

with a trustworthy communications partner, as they are equivalent to<br />

background transmission of data.<br />

If the communication software includes password protection or protocol<br />

features, these should be activated.<br />

Additional controls:<br />

- Are passwords being stored in the communications software?<br />

- Are <strong>IT</strong> users aware of the risks associated with the background<br />

transmission of data?<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!