IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.67 Defining a security strategy for peer-to-peer
networks
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: IT Security Management
Prior to commencement of the configuration and installation of a Peer-to-Peer
network on a WfW, Windows 95 and/or Windows NT computer, two basic
factors must be considered:
It should first be clarified which service must be performed by the relevant
operating system and what is the scope of this service? In particular, it should
be clarified whether the Peer-to-Peer functions of the operating system, i.e.
shared resources such as printers or directories should be used at all.
This can be illustrated using a number of examples:
- The IT-system is used for a working group of typically three to five users,
whereby each user should have all rights. The complete Peer-to-Peer
functionality should be supported at each workstation.
- The IT-system is used for a large group in which various rights can be
allocated. The Peer-to-Peer functionality is to be implemented in a limited
manner on the basis of definite requirements.
- The IT-system is used in a server-supported PC network, where Peer-to-
Peer functionality for the exchange of data can generally be dispensed
with. several printers should be used jointly via peer-to-peer functions.
- The IT-system is to be installed in a server-supported PC network, where
Peer-to-Peer functionality is not planned. All Peer-to-Peer functions must
then be deactivated. In this case, the consideration of the following points
is not necessary. However, the measures described in S 5.37 Restricting
peer-to-peer functions when using WfW, Windows 95 or Windows NT in a
server-supported network should be taken into account.
Note:
security functions offered by server-supported networks are far more
extensive than those offered by Peer-to-Peer networks. Moreover, additional
security problems may arise when using Peer-to-Peer functions in a serversupported
network. Therefore the use of Peer-to-Peer functions in a serversupported
PC network should be avoided. Peer-to-Peer networks which
serve to connect WfW to other computers with WfW, Windows 95 or
Windows NT should only be considered as a temporary solution until WfW is
replaced by Windows 95 or Windows NT or until a server-supported network
operating system is installed.
Given that Peer-to-Peer functions should be used, these considerations must
then be transformed into a security strategy.
This demonstrates that the development of a suitable security strategy involves
a relatively large amount of time and expense, depending on the system
environment and organisation structure already in place, as well as the planned
restrictions of Peer-to-Peer functionality.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000