|
Initiation responsibility: Head of IT Section
Implementation responsibility: IT-users
If access to an IT system is protected by means of a password, precautions must be taken to ensure that, should a member of staff be away e.g. on holiday or due to illness, his/her substitute can access the IT system.
Depending on the IT systems and applications used and the IT security guidelines of the organisation concerned, there are a number of possibilities here. Thus, for example, the password can be lodged in a suitable place. On typical multi-user systems, the Administrator can release the user access rights required or change the password to a new value. In many IT systems and applications, however, groups can be configured so that if someone is absent his/her registered stand-in can access the system.
All the solutions mentioned have not only advantages but also disadvantages so that careful consideration is required as to which solution is the most appropriate to a particular situation.
The following examples are intended to illustrate this point.
The bookkeeper, Mrs Müller, is working on a Windows PC which is connected to a LAN as a client. To cover any potential problem areas which might occur during Mrs Müller's absence, her areas of activity have been gone through with her and solutions have been devised.
Escrow of passwords always entails a significant amount of organisational effort since each employee has to lodge the necessary current passwords in a suitable place (e.g. in sealed envelope in a safe in the secretary's office). Whenever a password is changed, this must be updated. It must not be possible for any password to be forgotten. (Sometimes up to five different passwords are needed to access an application on a computer.) It must not be possible for unauthorised persons to access the lodged passwords. Should it become necessary to use one of the lodged passwords, this should be done observing the two-person rule. Records must be kept of every instance of access to the lodged passwords.
If possible, passwords should only be lodged if there is no other (technical) solution. It should be noted here that the fact of escrow of passwords conveys a false sense that passwords are being handled securely. Passwords must not be "lodged" underneath keyboards or in other similar cases, nor passed on to other colleagues simply because this is easier than asking the Administrator to issue the necessary access rights.
But if the use of passwords is the only way of accessing an IT system or application, then they must be securely lodged. This is generally the case, for example, where Administrator access rights or single-user systems are involved.
There should therefore be fixed procedures which specify how passwords are to be lodged and what framework conditions must be created for this.
In the case of teleworkers, steps must be taken to ensure that the passwords they use to access IT systems on the home workstation are also lodged at work, so that if an emergency arises, a stand-in can access the data stored on the teleworkstation.
Regular checks must be carried out to ensure that current system administrator passwords relating to all systems looked after by administrators, especially networked systems, have been escrowed.
Additional controls:
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
July 2001 |