IT Baseline Protection Manual S 2.204 Prevention of Insecure Network Access

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrator, Auditor

Every insecure access route into a network constitutes an enormous security loophole. All communication with the internal network must therefore, without exception, pass over a secure channel. This could, for example, be a firewall (see Section 7.3).

Procedures must be laid down to ensure that no other external connections can be established by circumventing the firewall. All users must be informed of the dangers associated with creating unchecked access routes, e.g. by using modems which staff have brought into work with them.

All external network access routes should be recorded centrally (see Section 2.1). Furthermore, sampling methods should be used to review whether additional network access routes have been established over modems or by any other means. For example, predefined call numbers can be auto-dialled to test whether any data transmission facilities are activated in response.

Data transmission should be properly controlled in all organisations. All data transmission facilities should be approved and their use should be subject to clear rules and procedures. This concerns not only routers, modems and ISDN cards, but also infrared or radio interfaces.

In particular, the following points should be specified:

Examples of the above will be found in S 2.61 Procedures Governing Modem Usage and S 2.179 Procedures Controlling the Use of Fax Servers.

Additional controls:


© Copyright by Bundesamt für Sicherheit in der Informationstechnik
Last update: October 2000