S 2.146 Secure operation of a network management system

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

For the secure and reliable operation of a network management tool or a complex network management system composed, for example, of several different network management tools, a secure configuration of all the components involved should be ensured. These components include the operating systems on which the network management system is executed, the external databases usually required for the network management system, the protocol in use (refer to S 2.144 Selection of a suitable network management protocol) and the active network components themselves. Before a network management system is put into operation, the requirements for preparing and implementing a network management concept should be determined (refer to S 2.143 Development of a network management concept).

The following items must be observed in particular:

• To prevent network management information from being intercepted or modified, the computer on which the network management console is operated must be protected appropriately. Measures here include, for example, installation in a specially protected room, the use of screen locks, password protection for the network management console, and further security mechanisms offered by the underlying operating system.

• Safeguard S 2.144 Selection of a suitable network management protocol should be taken into account in order to ensure secure operation. In particular, the reading of MIBs and other information by unauthorised persons should be prevented by appropriately configuring the active network components on the basis of the protocol in use (refer to S 4.80 Reliable access mechanisms for remote administration and S 4.82 Secure configuration of active network components).

• If network management functions are performed decentrally in accordance with the client / server model or through the use of X-Windows technology, their secure operation must also be ensured.

• The integrity of the software in use must be tested at regular intervals in order to allow a timely detection of any unauthorised modifications.

• The response of the network management system in the event of a system crash must be tested. In particular, it should be possible to perform an automatic restart in order to minimise the time interval over which the local network is not monitored. The network management database must not be damaged by a system crash, and must be available again following a restart, as the configuration data it contains are essential for the operation of the network management system. For this reason, these data require special protection, firstly in order to ensure their availability, and secondly in order to prevent the utilisation of old or faulty configuration data following a restart which may have been perpetrated by an intruder specially for this purpose. If necessary, module 9.2 Databases should be noted for the protection of the database in use.

• When restoring data backups, it must be ensured that files relevant to the reliable operation of the network management system, such as configuration-data files, password files as well as meta-configuration files for the network components themselves are fully up-to-date.

The following data are of relevance to the secure operation of a network management system:

• Configuration data of the network management system; these data must be stored in appropriately protected directories.

• Configuration data of the network components (meta-configuration files), which must also be stored in appropriately protected directories.

• Password files for the network management system. Note must be made here, for example, of password quality factors and the possibility of storing passwords in encrypted form. (refer to S 2.11 Provisions governing the use of passwords).

• An administration of active network components via the network should be restricted and replaced accordingly by administration via local interfaces if requirements concerning the confidentiality and integrity of the network management information cannot be fulfilled. Central network management should be relinquished in this case.

Additional controls:

• Have provisions governing the use of passwords for the network management system and network management tool been stipulated?

• Does the network management system support the required security measures?