IT Baseline Protection Manual S 4 Safeguard Catalogue - Hardware & Software
S 4.1 Password protection for IT systems
S 4.2 Screen lock
S 4.3 Periodic runs of a virus detection program
S 4.4 Locking of floppy disk drive
S 4.5 Logging of PBX administration jobs
S 4.6 Audit of the PBX configuration (target/performance reconciliation)
S 4.7 Change of preset passwords
S 4.8 Protection of the PBX operator's console
S 4.9 Use of the security mechanisms of X Windows
S 4.10 Password protection for PBX terminals
S 4.11 Screening of PBX interfaces
S 4.12 Disabling of unneeded user facilities
S 4.13 Careful allocation of identifiers
S 4.14 Mandatory password protection under Unix
S 4.15 Secure log-in
S 4.16 Restrictions on access to accounts and/or terminals
S 4.17 Blocking and erasure of unneeded accounts and terminals
S 4.18 Administrative and technical means to control access to the system-monitor and single-user mode
S 4.19 Restrictive allocation of attributes for Unix system files and directories
S 4.20 Restrictive allocation of attributes for Unix user files and directories
S 4.21 Preventing unauthorised acquisition of administrator rights
S 4.22 Prevention of loss of confidentiality of sensitive data in the Unix system
S 4.23 Secure invocation of executable files
S 4.24 Ensuring consistent system management
S 4.25 Use of logging in Unix systems
S 4.26 Regular security checks of Unix systems
S 4.27 Password protection in laptop PCs
S 4.28 Software re-installation in the case of change of laptop PC users
S 4.29 Use of an encryption product for laptop PCs
S 4.30 Utilisation of the security functions offered in application programs
S 4.31 Ensuring power supply during mobile use
S 4.32 Physical deletion of data media before and after usage
S 4.33 Use of a virus scanning program when exchanging of data media and data transmission
S 4.34 Using encryption, checksums or digital signatures
S 4.35 Pre-dispatch verification of the data to be transferred
S 4.36 Blocking fax recipient numbers
S 4.37 Blocking fax sender numbers
S 4.38 Deactivation of unnecessary service features
S 4.39 Deactivation of answering machines for periods of absence
S 4.40 Preventing unauthorised use of computer microphones
S 4.41 Use of a suitable PC security product
S 4.42 Implementation of security functions in the IT application
S 4.43 Fax machine with automatic envelopment sealing system
S 4.44 Checking of incoming files for macro viruses
S 4.45 Setting up a secure Peer-to-Peer environment
S 4.46 Use of the log-on password under WfW and Windows 95
S 4.47 Logging of firewall activities
S 4.48 Password protection under Windows NT
S 4.49 Safeguarding the boot-up procedure for a Windows NT system
S 4.50 Structured system administration under Windows NT
S 4.51 User profiles to restrict the usage possibilities of Windows NT
S 4.52 Protection of devices under Windows NT
S 4.53 Restrictive allocation of access rights to files and directories under Windows NT
S 4.54 Logging under Windows NT
S 4.55 Secure installation of Windows NT
S 4.56 Secure deletion under Windows NT and Windows 95
S 4.57 Deactivating automatic CD-ROM recognition
S 4.58 Sharing of directories under Windows 95
S 4.59 Deactivation of ISDN board functions which are not required
S 4.60 Deactivation of ISDN router functions which are not required
S 4.61 Use of security mechanisms offered by ISDN components
S 4.62 Use of a D-channel filter
S 4.63 Security-related requirements for telecommuting computers
S 4.64 Verification of data before transmission / elimination of residual information
S 4.65 Testing of new hardware and software
S 4.66 Novell Netware - safe transition to the year 2000
S 4.67 Locking and deleting database accounts which are no longer required
S 4.68 Ensuring consistent database management
S 4.69 Regular checks of database security
S 4.70 Monitoring a database
S 4.71 Restrictive utilisation of database links
S 4.72 Database encryption
S 4.73 Specifying upper limits
S 4.74 Networked Windows 95 computers
S 4.75 Protection of the registry under Windows NT
S 4.76 Secure system version of Windows NT
S 4.77 Protection of administrator accounts under Windows NT
S 4.78 Careful modifications of configurations
S 4.79 Secure access mechanisms for local administration
S 4.80 Secure access mechanisms for remote administration
S 4.81 Auditing and logging of activities in a network
S 4.82 Secure configuration of active network components
S 4.83 Updating / upgrading of software and hardware in network components
S 4.84 Use of BIOS security mechanisms
S 4.85 Design of suitable interfaces for crypto modules
S 4.86 Secure separation of roles and configuration with crypto modules
S 4.87 Physical security of crypto modules
S 4.88 Operating system security requirements when using crypto modules
S 4.89 Emission security
S 4.90 Use of cryptographic procedures on the various layers of the ISO/OSI reference model
S 4.91 Secure installation of a system management system
S 4.92 Secure operation of a system management system
S 4.93 Regular integrity checking
S 4.94 Protection of WWW files
S 4.95 Minimal operating system
S 4.96 Deactivating DNS
S 4.97 One service per server
S 4.98 Restricting communication to a minimum with packet filters
S 4.99 Protection against subsequent changes to information
S 4.100 Firewalls and active content
S 4.101 Firewalls and encryption
S 4.102 C2 security under Novell 4.11
S 4.103 DHCP server under Novell Netware 4.x
S 4.104 LDAP Services for NDS
S 4.105 Initial measures after a Unix standard installation
S 4.106 Activation of system logging
S 4.107 Use of vendor resources
S 4.108 Simplified and secure network management with DNS services under Novell NetWare 4.11
S 4.109 Software reinstallation on workstations
S 4.110 Secure installation of the RAS system
S 4.111 Secure configuration of the RAS system
S 4.112 Secure operation of the RAS system
S 4.113 Use of an authentication server within RAS access
S 4.114 Use of the security mechanisms provided on mobile phones
S 4.115 Safeguarding the power supply of mobile phones
S 4.116 Secure installation of Lotus Notes
S 4.117 Secure configuration of a Lotus Notes server
S 4.118 Configuration as a Lotus Notes server
S 4.119 Instituting restrictions on access to Lotus Notes servers
S 4.120 Configuration of access control lists for Lotus Notes databases
S 4.121 Configuration of rights of access to the Lotus Notes Name and Address Book
S 4.122 Configuration for browser access to Lotus Notes
S 4.123 Configuration of SSL-protected browser access to Lotus Notes
S 4.124 Configuration of authentication mechanisms with browser access to Lotus Notes
S 4.125 Instituting restrictions on access to Lotus Notes databases with browser access
S 4.126 Secure configuration of a Lotus Notes client
S 4.127 Secure configuration of browser access to Lotus Notes
S 4.128 Secure operation of Lotus Notes
S 4.129 Secure handling of Notes ID files
S 4.130 Security measures following the creation of a new Lotus Notes database
S 4.131 Encryption of Lotus Notes databases
S 4.132 Monitoring of a Lotus Notes system
S 4.133 Appropriate choice of authentication mechanisms
S 4.134 Choice of suitable data formats
S 4.135 Restrictive granting of access rights to system files