S 4.45 Setting up a secure Peer-to-Peer environment

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

The administrator should individually authorise or block the Peer-to-Peer functions for every computer in the WfW network and thus restrict the WfW environment in a user-specific way. To do this he requires the administration tool ADMINCFG.EXE.

After calling up ADMINCFG.EXE, the security configuration file WFWSYS.CFG, in which the security settings of the respective WfW computer are stored, must first be opened. ADMINCFG.EXE cannot distinguish in this case between different users on one WfW computer.

Even if it is not intended to restrict the environment, the security configuration file WFWSYS.CFG must be provided with password protection. If the administration tool ADMINCFG.EXE is installed locally for this purpose, it must be removed afterwards.

From the point of view of security, it is possible to create the following configurations for the computer with the aid of the administration tool ADMINCFG.EXE:

The sharing options must be specified:

• If the computer is not intended for the sharing of directories, the option "Deactivate file sharing" must be set. The corresponding functions are then no longer available in the file manager but it remains possible to link up with the directories of other computers.

• If the computer is not intended for the sharing of printers, the option "Deactivate printer sharing" must be set.

• If the computer is not intended for network DDE sharing (e.g. telephony under WfW, data communication via the filing folder), the option "Deactivate network DDE sharing" must be set.

The password options must be specified:

• In the case of activated password caching, all WfW network connections will be stored in a file with associated passwords if this is desired by the user in the respective connection set-up. Repeated password entries are then no longer necessary at a later date. The "Deactivate password caching" option should always be set, at the very least, if the WfW computer does not have adequate access protection (e.g. BIOS password).

• "Display passwords in sharing dialogue fields in a readable manner" may not be activated as otherwise the password appears on the screen in plain text when it is entered.

• "Expiration of log-on password" should be set in the period specified in the security strategy.

• "Minimum password length" must be set to at least 6.

• "Enforce alphanumeric passwords" should be set. Thus letter and numeral combinations become obligatory.

• The options "Request confirmed log-on in Windows NT or LAN manager domain" and "Allow caching of passcode words" are not considered at this point as the interplay of WfW with Windows NT or LAN manager was not investigated.

The administrator settings must be specified:

• The administrator must specify a password for the created configuration file WFWSYS.CFG, which may only be known to himself and his substitute. This password must be deposited securely (cf. S 2.22 Depositing of Passwords).

• Pre-set security profiles may be accepted from a server via "Update options". Furthermore, it is also possible to set them so that at the start of a client, the security configuration file of the server is checked, and, in the event of changes, the local file is updated. This makes central administration of the WfW network, simple addition of further WfW computers and changing of the password for the configuration files easier for the WfW administrator.

When configuring a Windows-for-Workgroups computer, the administrator also needs to consider the following points:

• The pre-set option "Share again on startup" must be deactivated in the sharing dialogues (file and print manager).

• The pre-set option "Store password in password list" must be deactivated in the connection dialogues (file and print manager).

• In the program group SYSTEM CONTROL under network,the computer name, the name of the work group and the standard log-on name should be pre-set in accordance with the name convention.

• The WfW protocol must be activated (in the program group SYSTEM CONTROL under network). In this case, all events should be recorded and the protocol file should be set up to be sufficiently large (e.g. 32 KB).

• In the program group SYSTEM CONTROL under network, an option should be set up via the button start indicating whether the computer's own applications or access by others should be treated with priority. If access by others is subordinate, priority in favour of more rapid execution should be selected.

• During the use of Schedule+, the right granted by default to view open and assigned time blocks must be deactivated for all unauthorised WfW users. Otherwise every user at the same post office will be able to view individual appointments in the time schedule.

If a post office is configured for use by several persons for the purpose of communications or joint appointment scheduling, a corresponding data backup should be performed at appropriate time intervals. This is required to prevent inadvertent or intentional deletion of the post office, which is not protected automatically under WfW.

Additional controls:

• Are the settings made documented in an appropriate form?

• Was any consideration given to supervising the security settings via the network? WfW offers the facility for depositing security profiles on a server which will call up the individual clients in the WfW network for updating.