IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
transmitted via a different route and compared, to ensure that the certificate is
correct.
Operators of WWW servers who intend exchanging security-related data with
visitors to their WWW pages should offer a route protected by cryptographic
techniques for this purpose, i.e. SSL, for example.
Note: If the users are protected against active content and computer viruses by
a firewall, they must implement their own protective measures against these
risks if they are using SSL, as described for example in S 4.33 Use of a virus
scanning program on exchange of data media and during data transfer and S
5.69 Protection against active content.
Additional controls:
- Is the use of SSL compatible with the existing security guidelines for the
firewall or on the use of WWW services?
- Do the users know what needs to be taken into account when using SSL?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000