IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
S 5.51 Security-related requirements for
communications links between telecommuting
workstations and the institution
Initiation responsibility: Head of IT Section, IT Security management
Implementation responsibility: Administrators , Telecommuters
The exchange of business data between a telecommuting workstation and the
communications computer at the institution normally takes place via public
communications networks. As neither the institution nor the telecommuter can
fully guarantee the confidentiality, integrity and availability of their
information in such public communications networks, additional safeguards
might be required if the networks do not offer a sufficiently high level of
security.
In general, data transmission between home workstations and the institution
must meet the following security requirements:
- Ensuring the confidentiality of transmitted data: A sufficiently reliable
encryption mechanism must be used to prevent the contents of data from
being recovered even if these data are intercepted during transmission
between the home workstation and the communications computer at the
institution. In addition to a suitable encryption technique, this also requires
appropriate key management and a change of keys at regular intervals.
- Ensuring the integrity of transmitted data: The employed transfer protocols
must be able to identify and reverse coincidental changes to data during
their transmission. If required, an additional error detection mechanism can
be used to identify intentional manipulation during data transmission.
- Ensuring the availability of data transmission lines: If time delays during
telecommuting are very difficult to tolerate, the selected public
communications network should provide redundant routes which prevent a
complete breakdown in communications should one of the routes fail.
Under certain circumstances, redundant network links between the
interfaces of the telecommuting workstation and communications computer
at the institution can be dispensed with.
- Ensuring the authenticity of data: During the transmission of data between
telecommuters and the institution, it should be possible to reliably
determine whether communications are taking place between the correct
parties, in order to preclude masquerading. This means that the indicated
source of data should be identical to the actual source of the data. In
addition, it should be possible to clearly establish whether data apparently
transmitted by the institution actually originated from that institution.
- Ensuring the reproducibility of data transmission: To render data
communications reproducable, logging functions can be used to
subsequently ascertain which data were transmitted to which location.
- Ensuring the reception of data: If the correct reception of data is of
importance during telecommuting, acknowledgement routines can be used
to determine whether transmitted data have been received correctly.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000