IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks

S 6.31 Procedural patterns following a loss of system integrity

Initiation responsibility: Head of IT Section, IT Security management

Implementation responsibility: Administrator, IT users

If a UNIX system starts behaving in an unexpected manner (e.g. undefined system behaviour, data gone missing, modified file contents, a steady reduction of free storage space although no data has been saved), a loss of integrity may have occurred. This can result from misuse of the system, for example through changes to the system settings or the import of a Trojan horse or a computer virus.

Users should observe the following procedure in this case:

- Keep calm.
- Notify the Administrator.
- Exit the current programs.

The Administrator must take the following steps:

- Shut down the system.
- Start up the system so that it can only be accessed from the console (e.g. single-user mode).
- Take a complete backup (this can be helpful if data or traces are destroyed in the subsequent investigation).
- Check the executable files for visible modifications, e.g. creation date and file size. As an aggressor could reset these to their original values, the integrity of the files should also be checked with checksum procedures such as tripwire.
- Delete the executable files and restore the original files from write-protected data media (cf. S 6.21 Backup copy of the software used). Programs must not be restored from data backups.
- Check and, if necessary, reload the system directories and files and their attributes (e.g. /etc/inetd.conf, /etc/hosts.equiv, cron and at jobs).
- Check the attributes of all user directories and files, e.g. using checksum procedures like tripwire, and if necessary reset them to minimal settings (i.e. rights confined to the file owner, no root-owned files in user domains, no .rhosts or .forward files; blocked accounts included).
- Change all the passwords.
- Ask users to check their domains for irregularities.
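The two "check" steps above (executable files against a checksum manifest, user directories against minimal attribute settings) can be scripted. The following is an added example written for this page, not a tool from the manual or from the tripwire project; it assumes a GNU/Linux userland (sha256sum, find, ls, awk, head -c, mktemp), and the directory layout it builds under a temporary root is constructed sample data. The tampering helper illustrates the manual's warning: it changes a file's contents while keeping size and modification time identical, so only the checksum comparison notices.

```shell
#!/bin/sh
# Added example, not part of the manual: the two "check" steps of S 6.31 as
# shell functions. A checksum manifest catches binaries whose size and mtime
# were reset by an intruder; a per-user attribute audit finds foreign-owned
# files, group/other permission bits and .rhosts/.forward files.
# Assumes a GNU/Linux userland (sha256sum, find, ls, awk, head -c, mktemp).
# Paths containing whitespace are not handled, to keep the awk simple.

# baseline_create DIR MANIFEST: record the SHA-256 of every regular file under
# DIR. Build it from a known-good state and keep it on write-protected media:
# whoever can alter the binaries can also alter a manifest stored beside them.
baseline_create() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2 > "$2"
}

# baseline_verify DIR MANIFEST: print MODIFIED / NEW / MISSING lines and
# return 0 only if the tree matches the manifest exactly.
baseline_verify() {
    current=$(mktemp)
    find "$1" -type f -exec sha256sum {} + > "$current"
    report=$(awk '
        FILENAME == ARGV[1] { old[$2] = $1; next }      # manifest: HASH PATH
        { seen[$2] = 1
          if (!($2 in old))       print "NEW\t" $2
          else if (old[$2] != $1) print "MODIFIED\t" $2 }
        END { for (p in old) if (!(p in seen)) print "MISSING\t" p }
    ' "$2" "$current" | sort)
    rm -f "$current"
    if [ -n "$report" ]; then printf '%s\n' "$report"; return 1; fi
    return 0
}

# audit_user_dirs ROOT: for each user directory directly under ROOT (e.g.
# /home) report anything beyond "rights confined to the file owner":
#   FOREIGN_OWNER   not owned by the directory's owner (e.g. root-owned files)
#   GROUP_OTHER     any group or other permission bit set (home dir included)
#   RHOSTS_FORWARD  .rhosts (remote trust) or .forward (mail redirection)
audit_user_dirs() {
    for d in "$1"/*/; do
        d=${d%/}
        owner=$(ls -ld "$d" | awk '{print $3}')
        find "$d" ! -user "$owner" | awk '{print "FOREIGN_OWNER\t" $0}'
        find "$d" \( -type f -o -type d \) -exec ls -ld {} + \
            | awk 'substr($1, 5, 6) != "------" {print "GROUP_OTHER\t" $NF}'
        find "$d" \( -name .rhosts -o -name .forward \) \
            | awk '{print "RHOSTS_FORWARD\t" $0}'
    done
}

# tamper_preserving_metadata FILE: overwrite FILE with different bytes of the
# same length and put the original mtime back. This is the situation the
# manual warns about: "ls -l" shows nothing, only the checksum changes.
tamper_preserving_metadata() {
    ref=$(mktemp); touch -r "$1" "$ref"
    size=$(wc -c < "$1" | tr -d ' ')
    head -c "$size" /dev/zero | tr '\0' 'X' > "$1"
    touch -r "$ref" "$1"; rm -f "$ref"
}

# make_sample_tree: constructed sample data (a fake bin/ and two home
# directories) under a temporary root, whose path is printed.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/bin" "$root/home/alice" "$root/home/bob"
    chmod 700 "$root/home/alice" "$root/home/bob"
    printf '#!/bin/sh\necho ls\n' > "$root/bin/ls"
    printf '#!/bin/sh\necho ps\n' > "$root/bin/ps"
    : > "$root/home/alice/.profile"; chmod 600 "$root/home/alice/.profile"
    : > "$root/home/bob/.rhosts";    chmod 600 "$root/home/bob/.rhosts"
    : > "$root/home/bob/notes.txt";  chmod 644 "$root/home/bob/notes.txt"
    printf '%s\n' "$root"
}

demo() {
    root=$(make_sample_tree); manifest=$(mktemp)
    baseline_create "$root/bin" "$manifest"
    echo "== ls -l before tampering =="; ls -l "$root/bin/ls"
    tamper_preserving_metadata "$root/bin/ls"
    echo "== ls -l after tampering: same size, same mtime =="; ls -l "$root/bin/ls"
    echo "== checksum verification =="; baseline_verify "$root/bin" "$manifest" || true
    echo "== user directory audit =="; audit_user_dirs "$root/home"
    rm -rf "$root" "$manifest"
}

case "${1:-}" in demo) demo ;; esac
```

Run it as `sh check_integrity.sh demo` to see the walkthrough. On a real system the manifest would be created right after restoring the binaries from write-protected media (the previous step), and `baseline_verify /usr/bin manifest` would then be run from single-user mode with the manifest read from that same media.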

Once all the passwords have been changed, the new passwords must be notified to the users concerned. No password or password derivation scheme that is known to all the users should be used here. It is better to generate the passwords randomly and notify the users by a reliable route, e.g. in sealed envelopes. These passwords should be changed immediately after logging on for the first time.
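The password reset described in this paragraph, as an added example that is not part of the manual: passwords are drawn from /dev/urandom rather than from any scheme users could reconstruct, one slip per user is written for the sealed envelope, and the system is not modified by the script itself; the operator applies the output with the Linux `chpasswd` and `chage` utilities (an assumption; the manual speaks of UNIX in general). The user list used in the test is constructed.

```shell
#!/bin/sh
# Added example, not from the manual: random password reset after a loss of
# integrity (S 6.31). Assumes a Linux system with GNU tr/head for generation
# and chpasswd/chage for applying the result.

# gen_password LEN: LEN random letters and digits from /dev/urandom.
# Nothing here can be derived from a user name, date or site convention.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# rotate_passwords USERLIST OUTDIR
# USERLIST holds one login name per line. For every user a slip
# OUTDIR/<user>.txt is written (mode 0600, for the sealed envelope) and a
# "user:password" line is printed, ready to be piped into chpasswd by root.
rotate_passwords() {
    userlist=$1; outdir=$2
    mkdir -p "$outdir"; chmod 700 "$outdir"
    (   # subshell so the restrictive umask does not leak into the caller
        umask 077
        while read -r user; do
            [ -n "$user" ] || continue
            pw=$(gen_password 16)
            printf 'Account: %s\nTemporary password: %s\nChange it at first login.\n' \
                "$user" "$pw" > "$outdir/$user.txt"
            printf '%s:%s\n' "$user" "$pw"
        done < "$userlist"
    )
}
```

Typical use as root: `rotate_passwords users.txt slips | chpasswd`, then `while read -r u; do chage -d 0 "$u"; done < users.txt` so each account must change its password at the first login; the slips directory is printed, sealed and delivered, then shredded.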

IT-Baseline Protection Manual: October 2000

Margin notes: Misuse; Do not panic!; Complete data backup; Check executable files; Reload original files; Check attributes; Generate new passwords using randomisation
