IT Baseline Protection Manual S 4.24 Ensuring consistent system management


Initiation responsibility: Head of IT section, IT security management, Administrator

Implementation responsibility: Administrators

In many complex IT systems, e.g. under Unix or in a network, there is an administrator role which is not subject to any restrictions. Under Unix, this is the superuser root; in a Novell network, it is the SUPERVISOR. Lack of restrictions will result in a particularly high risk of error or abuse.

To avoid errors, operations should be carried out under the superuser login only when this is necessary; all other work, including the administrator's own, should not be carried out under the administrator ID. In particular, no programs belonging to other users may be invoked under the administrator ID. In addition, routine system management tasks (e.g. backup, setting up a new user) should be possible only through menu-driven control.

Appropriate allocation of tasks, specification of guidelines, and measures for co-ordination are required to ensure that administrators do not perform any inconsistent or incomplete operations. For instance, a file must not be edited and modified by several administrators at the same time, as, in that case, only the version saved last would be preserved.
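The lost-update problem described above can be prevented technically with a cooperative lock around each edit. The following is an added example, not part of the manual: the function name `locked_edit`, the `.lock` suffix and the exit codes are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the manual): cooperative lock for administrative edits.
# locked_edit and its exit codes are hypothetical names chosen for this sketch.
# Usage: locked_edit FILE EDITOR [EDITOR_ARGS...]
# Exit: 0 saved, 1 locked by someone else, 2 FILE changed meanwhile, 3 editor failed.

locked_edit() (
    file=$1; shift
    lock="$file.lock"
    tmp="$file.edit.$$"

    # With noclobber (-C) the shell opens the lock file with O_EXCL, so only
    # one administrator can create it; everyone else is told who holds it.
    set -C
    if ! { echo "${LOGNAME:-unknown} pid $$" > "$lock"; } 2>/dev/null; then
        echo "locked_edit: $file is locked by: $(cat "$lock" 2>/dev/null)" >&2
        exit 1
    fi
    set +C

    # Release the lock and drop the working copy however we leave.
    trap 'rm -f "$tmp" "$lock"' EXIT
    trap 'exit 129' HUP INT TERM

    before=$(cksum < "$file")
    cp -p "$file" "$tmp" || exit 3

    # Edit the working copy, never the live file.
    "$@" "$tmp" || exit 3

    # Someone may have bypassed the lock; do not overwrite their change.
    if [ "$(cksum < "$file")" != "$before" ]; then
        echo "locked_edit: $file changed during the edit, not saving" >&2
        exit 2
    fi

    # rename() is atomic: readers see the old or the new version, never a mix.
    mv "$tmp" "$file"
)
```

The lock only protects edits made through the wrapper; the checksum comparison is what catches a change made around it.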

If there is a risk of the lines between the console and terminals being tapped, only the administrator may work at the console in order to prevent interception of passwords.

For all administrators, additional user IDs must be set up which have only the restricted rights that the administrators need for tasks other than administration. For non-administrative activities, administrators should use these additional user IDs exclusively.

Additional controls:


© Copyright by Bundesamt für Sicherheit in der Informationstechnik, last update: January 2000