IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
runs of a virus detection programme). Whereas file viruses only represent a
threat within a DOS emulation system, viruses which change the boot sector
of Intel-based systems like PC’s can also be a threat to UNIX systems on Intel
platforms; and the greatest danger to UNIX systems from computer viruses
comes from PC’s which have mounted a UNIX system using NFS. Viruses
which delete or alter files or directories on a PC can also access mounted
directories and destroy them. So when opening directories for mounting, the
access permissions must be allocated as restrictively as possible, in particular
read-only access should be given for directories using the ro option (read
only). Apart from this, users on UNIX should set the attributes for their files
and directories as restrictively as possible, so that other users cannot access
them, or so that no writing access is possible for files which are not regularly
changed. This should be pre-set using an appropriate umask.
Additional controls:
- Are the permissions associated with NFS directories too wide-ranging?
- Are network access points sufficiently protected (organisationally or
technically)?
- Are the RPC configuration files correctly set?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000