IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
S 5.33 Secure remote maintenance via modem
Initiation responsibility: IT Security Management
Implementation responsibility: Administrators
The remote maintenance of IT systems via modem involves particularly high
security risks. For security reasons, it is advisable to operate without external
remote maintenance. If this is not possible, additional safeguards must be
implemented.
The IT system to be maintained, including the modem used, must incorporate
the following functions:
- The establishment of a connection for remote maintenance should also be
initiated from the local IT system. This can be achieved by calling the
remote maintenance point of the IT system requiring maintenance or by
automatic call-back.
- External maintenance personnel must authenticate themselves before
commencing maintenance. If passwords are transferred unencrypted, they
should be one-time (cf. S 5.34 Use of one-time passwords).
- All activities during remote maintenance must be logged on to the IT
system being maintained.
The following additional functions can be implemented on the IT system to be
maintained:
- Activation of a time lock on invalid access attempts.
- Disablement of remote maintenance during normal operation and explicit
allowance for a specified time period.
- Restriction of permissions for maintenance personnel. The maintenance
personnel must not possess full administrative privileges. On DOS PC's,
gradation of the administration of privileges must be realised by means of
additional software. Observe S 2.33 Division of administrator roles under
UNIX for UNIX systems and S 2.38 Division of administrator roles in PC
networks for PC networks.
The maintenance personnel should only have access to those data and
directories actually requiring maintenance.
- The IT system should provide the maintenance personnel with their own
user ID under which all maintenance should be carried out, if possible.
- If the connection to the remote maintenance point is interrupted for some
reason, access to the system must be terminated through automatic log-out.
The remote maintenance must be monitored locally by IT experts. Even if
remote maintenance is implemented due to lacking internal know-how or
capacity, the maintenance personnel must not be left unobserved (cf. S 2.4
Maintenance/repair regulations). If there are any doubts concerning
procedures, the local IT expert should enquire immediately. It must, at any
time, be possible to interrupt remote maintenance locally.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000