IT Baseline Protection Manual - Chapter 5.6 PC with Windows 95
5.6 PC with Windows 95
Description
A typical PC with the operating system Windows 95 is
considered. This PC should not be networked. The PC has
a floppy disk drive, a removable or hard disk, a CD-ROM
and possibly a mouse. If available, a printer is to be
directly connected to the PC. The basis for further
considerations is that multiple users will be using this PC.
The following fundamental considerations should also be
taken into account:
Essential security properties of Windows 95 can be put
into effect only in a server-supported network. If a non-networked Windows 95 computer is operated
locally, multi-user operation should be avoided as long as important functions such as control of rights
or protocols can still be carried out without the aid of PC security products. The same considerations
must be taken even with a single user if this user is to be restricted by an administrator via the system
guidelines, as this would actually result in multi-user operation.
Conclusion: A non-networked Windows 95 computer should only have one user who should not be
restricted. Restriction of a user is only wise if this eases navigation of the system or if faulty operation
can thereby be ruled out. If multi-user operation must nonetheless be implemented, then, for reasons of
security, this is only wise in combination with a PC security product.
95
Threat Scenario
For IT-baseline protection of a PC with Windows 95, the following typical threats will be considered:
For the implementation of IT baseline protection, selection of the required packages of safeguards
("modules") as described in chapters 2.3 and 2.4, is recommended.
In the following the safeguard group "PC with Windows 95" is presented. The fundamental
considerations at the beginning of the chapter (see above) should be observed. The safeguards are
divided into the following categories:
Basic safeguards (essentially, these are the same as for chapter 5.1 DOS-PC),
Safeguards for multi-user operation,
Restrictions and
usage in the network
The following basic safeguards need to be implemented:
Infrastructure:
S 1.29 (3) Adequate siting of an IT system (optional)
S 6.46 (1) Creating a start-up disk for Windows 95
If many users work on the Windows 95 computer, administration of the computer and division of users
is essential. In this case, the following safeguards for multi-user operation must additionally be
implemented:
Organisation:
S 2.26 (1) Designation of an administrator and his deputy
If particular user-specific restrictions are to be provided in the user environment, the following
safeguards must be deployed (Safeguards S 2.64 and S 2.65
are only effective in connection with S 4.41
or S 4.42):