19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation

Normally, there is no association between a database ID and the user ID of the underlying operating system. However, some database software packages offer the possibility of copying the operating-system ID to the database system. This eliminates the need for users to answer the password prompt for database access if they have already logged in with their operating-system ID. Oracle allows the use of OPS$ IDs, for example. This type of ID is composed of the prefix "OPS$" and the operating-system ID of the user. If a user logs into the database system with his operating-system ID, the database management system does not request the entry of a password. If a user logs in with a different ID though, a password is required.

However, this option carries the risk that access to the database can no longer be denied if a security violation occurs at the operating-system level (e.g. if the related password is cracked). Consequently, the security of the database relies heavily on the security of the underlying operating system. This generally does not mean the operating system of the database server, which is usually reliable, but that of the client, which in some cases is protected to a much lesser degree. It is therefore not advisable to make use of this option; instead, the use of an add-on product for central user management throughout the IT operation (e.g. ISM Access Master by Bull) should be considered in order to simplify handling for users (keyword: Single-Sign-On). Here too, though, the selected add-on product must be harmonised with the applicable security requirements.
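An audit query set for the operating-system-authenticated logins described above, as an added example that is not part of the manual. It assumes Oracle 11g or later (for the AUTHENTICATION_TYPE column) and a session with read access to V$PARAMETER and the DBA_* views.

```sql
-- Added example: review where the database trusts the operating system's login.

-- 1. Instance settings that govern OS-based logins.
--    os_authent_prefix holds the prefix placed before the OS user name (OPS$ is one value).
--    remote_os_authent = TRUE means the server accepts the OS user name
--    reported by the client machine, the case the text advises against.
SELECT name, value
FROM   v$parameter
WHERE  name IN ('os_authent_prefix', 'remote_os_authent');

-- 2. Accounts that are authenticated outside the database
--    (this includes OPS$-style accounts created with IDENTIFIED EXTERNALLY).
SELECT username, account_status, profile, created
FROM   dba_users
WHERE  authentication_type = 'EXTERNAL'
ORDER  BY username;

-- 3. What those accounts may do: granted roles and system privileges.
--    Anything beyond ordinary application rights deserves a closer look,
--    because no database password protects these logins.
SELECT u.username, 'ROLE' AS grant_type, r.granted_role AS granted
FROM   dba_users u
JOIN   dba_role_privs r ON r.grantee = u.username
WHERE  u.authentication_type = 'EXTERNAL'
UNION ALL
SELECT u.username, 'SYSTEM PRIVILEGE', s.privilege
FROM   dba_users u
JOIN   dba_sys_privs s ON s.grantee = u.username
WHERE  u.authentication_type = 'EXTERNAL'
ORDER  BY 1, 2, 3;
```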

Additional controls:

- Which organisational rules exist for the configuration of database users and user groups?
- Have naming conventions been specified for user IDs and group IDs?
- Have authorisation profiles been created?

IT-Baseline Protection Manual: October 2000
