IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

Safeguard Catalogue - Organisation Remarks<br />

____________________________________________________________________ .........................................<br />

S 2.60 Secure administration of a modem<br />

Initiation responsibility: Head of <strong>IT</strong> Section, <strong>IT</strong> Security Management<br />

Implementation responsibility: <strong>IT</strong> users, Administrator<br />

<strong>The</strong> secure use of a modem requires certain administrative measures:<br />

- <strong>The</strong> subscriber number of a modem must only be disclosed to the<br />

communication partners involved, in order to protect the modem from<br />

unauthorised dialling-in attempts. This number must not be listed in the<br />

telephone directory of the organisation.<br />

- Modems integrated in a network server can be accessed by users from their<br />

respective terminals. In this situation, access to the communications<br />

software must only be granted to users who are authorised to transmit data<br />

(also refer to S 2.42 Determination of potential communications partners).<br />

- <strong>The</strong> modem settings and communications software must be checked<br />

regularly, and a log of the data transmissions must be maintained.<br />

- It must be ensured that the modem interrupts the telephone connection as<br />

soon as the user logs-out of the system. For stand-alone systems, this can<br />

be realised by leaving the modem connected to the telephone network only<br />

for the period of data transmission and then deactivating or disconnecting it<br />

from the line. Modems integrated in a network server must be configured<br />

accordingly. An external modem can simply be switched off. In addition,<br />

all users must be instructed to quit the communications program after<br />

completion of data transmission.<br />

- It must be ensured that external users are automatically logged out of the<br />

<strong>IT</strong> system on disruption of a modem link, otherwise the next caller would<br />

be able to proceed using the same user ID without having to log-in first.<br />

<strong>The</strong> next caller could then work with the same user ID, without any need to<br />

log on to the system<br />

Additional controls:<br />

- Have the modem settings been checked to determine whether they<br />

effectively prevent unauthorised use?<br />

- Is the modem disconnected when users log-out?<br />

- Are users logged-out automatically on disconnection of the modem?<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!