IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
Restrictions on accessing the WWW server
Before a WWW server is commissioned and every time before it is updated, it
must be established who is permitted to retrieve information from the WWW
server. It must be clarified whether only staff within the company’s or
agency’s own organisation, plus teleworkers, are allowed to access the
provided information, or also any external user or only a restricted circle of
users. These restrictions may also vary according to the type of information on
offer in each case.
If access to the WWW server is to be made possible for a limited group of
people only, measures to ensure this must be implemented, as described in S
4.94 Protection of WWW files, for example.
It is also necessary to clarify whether it is fundamentally possible only to
retrieve information or whether users should also be able to load new
information themselves. In this case, too, it must be established which group
of people has which rights.
Clear structuring
As HTML files do not have to be arranged hierarchically, the directory
structure with a WWW server is of no relevance to its mode of operation. To
facilitate maintenance, however, care should be taken to ensure that the
structure is clear.
It may be the case that links to your documents will be created on other
WWW servers; changes to document names or directory names should
therefore be avoided. Consequently the directory structure must be planned
with expansion in mind.
Making documents available
Once the organisational hurdles have been overcome, work can begin on
making information available on the network. An Internet WWW server is a
form of presenting the organisation to the outside world, so the Internet
presence should be prepared with commensurate care.
It is advisable to gain experience with an intranet WWW server first, before
connecting a WWW server to the Internet. It is best to start with a small
number of simple applications.
Information can be made available in the form of HTML files or can be
integrated into HTML files, such that the information can be read directly
when accessed with a browser. Alternatively it can also be made available as
files ready for downloading, in any other required format. In this case the files
first have to be stored on the user’s IT system before they can be viewed or
used for any purpose.
All HTML documents and WWW files intended for publication on the
Internet should be subjected to quality control and have their content approved
before publication in exactly the same way as any other published document.
HTML documents can be produced with special-purpose HTML editors, or
documents produced in other formats can be converted to HTML with HTML
converters.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000