IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

Threats Catalogue Deliberate Acts Remarks<br />

____________________________________________________________________ .........................................<br />

T 3.9 Improper <strong>IT</strong> system administration<br />

Improper <strong>IT</strong> system administration can jeopardises the security of the system<br />

if it results in circumvention of or failure to observe <strong>IT</strong> security measures.<br />

Improper administration exists, for example, if network access points (daemon<br />

processes) which are not necessary for the regular operation of the <strong>IT</strong> system<br />

or which represent a particularly large threat due to their error-proneness are<br />

created or not disabled.<br />

Under no circumstances should access accounts be used when working on the<br />

system which possess more privileges than are absolutely necessary for the<br />

work, as this raises the danger of loss or damage due to viruses and Trojan<br />

horses unnecessarily.<br />

It is extremely rare that standard installations of operating systems or system<br />

programs have all the features of a secure installation. Inappropriate<br />

modifications to specific security requirements can pose a considerable risk<br />

here.<br />

Special care must be taken with systems which, if poorly administrated, could<br />

affect the protection of other systems (e.g. firewalls).<br />

Every modification of security settings and extension of access rights<br />

constitutes a potential threat to overall security.<br />

Examples<br />

In addition to the instances mentioned under T 3.8 Improper use of the <strong>IT</strong><br />

system, the System Administrator may create threats due to the incorrect<br />

installation of new or existing software. Other instances of incorrect<br />

management are: failure to use auditing functions or to analyse existing log<br />

files, granting of overgenerous access rights, failure to review access rights at<br />

regular intervals, multiple assignment of the same log-in name or UID, and<br />

failure to use the available security tools, e.g. failure to use a shadow file for<br />

passwords under UNIX.<br />

<strong>The</strong> older a password is, the less effective it becomes. <strong>The</strong> reason for this is<br />

that the probability of a successful attack increases steadily over time.<br />

Special care must be taken over the administration of a firewall system as the<br />

protection of many other systems depends on it.<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000<br />

Insecure network access<br />

Unnecessary access<br />

rights<br />

Improper modifications<br />

Inadequate logging<br />

Ageing of passwords

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!