IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.143 Development of a network management
concept
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrators
The diversity of IT systems grouped in a local network, such as server
systems, terminal devices, printers, active network components etc. should be
capable of being managed and monitored centrally from a suitable point.
Preference should be given to central instead of decentral management of
network components, as the former approach requires a lower administrative
effort and allows central definition and control of security requirements.
Central network management is primarily used to ensure the availability and
integrity of the network, as well as the integrity and confidentiality of the
transmitted data. This is a very complex task which needs to be supported
through the use of a network management tool.
Before such a network management system is procured and put into operation,
it is first necessary to prepare a concept which formulates all security
requirements for the network management system and proposes appropriate
measures to be implemented on the occurrence of an error or alarm. During
the preparation of this concept, the following aspects of network management
should be considered in particular and represented in a global context.
- Performance measurements for network analysis (refer to S 2.140 Analysis
of the existing network environment)
- Responses to error messages from the monitored network components
- Remote maintenance / remote control, particularly of active network
components
- Generation of trouble tickets and escalation on the occurrence of network
problems (links with the system management and user helpdesk or external
message communicators such as pagers and facsimile machines can be
established via this feature).
- Logging and auditing (online and/or offline)
- Integration of any existing proprietary systems, or systems with different
management protocols (e.g. in the area of telecommunications)
- Configuration management of all IT systems in use (also refer to. S 4.82
Secure configuration of active network components)
- Distributed access to network management functions. Remote access to
network management functions might be necessary for administration or
auditing; a particularly careful definition and allocation of access rights is
necessary here.
The specific requirements to be fulfilled by a network management tool are
described in S 2.145 Requirements for a network management tool. The
management tool must allow the implementation of the network management
concept.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000