IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
S 5.37 Restricting Peer-to-Peer functions when using
WfW, Windows 95 or Windows NT in a
server-supported network
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrators
If Windows for Workgroups, Windows 95 or Windows NT are used as the
user interface in a server-supported LAN, alongside the server-supported
network, a Peer-to-Peer network can be operated. This creates new
communications possibilities apart from those provided in the client-server
(CS) network. These are not logged on the server (CS).
With this kind of configuration, operating the two network structures in
parallel is often not advisable as the required functionality can generally be
provided by the server-supported LAN. Therefore, Peer-to-Peer functions
should not be installed in a server-supported LAN. The administrator should,
in individual cases, decide if certain connected WfW, Windows 95 and
Windows NT computers should activatethe Peer-to-Peer functions ”File
sharing” and "Network-DDE-support". In some cases "Printer sharing" can be
a sensible addition.
Under Windows NT only administrators can share resources for network
access (by using File-manager or Explorer). Before sharing a resource, it
should be examined whether the share is in accordance with the established
security strategies (see also S 2.67 Determining a security strategy for the
Peer-to-Peer network and S 2.91 Determining a security strategy for the
Windows NT Client-Server-network).
Additional controls:
- Who decided whether Peer-to-Peer functions should be used in a serversupported
network?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000