IT Baseline Protection Manual S 4.78 Careful modifications of configurations

S 4.78 Careful modifications of configurations

Initiation responsibility: Head of IT Section, IT Security management

Implementation responsibility: Administrators

All changes made to an IT system during actual operation should be considered as critical, and appropriate caution must be exercised when performing such changes.

Before any change is made to an IT system, the old configuration should be backed up, so that it is readily available if the new configuration poses any problems.

In the case of networked IT systems, users must be duly informed about impending maintenance work, so that they can plan for a temporary system shutdown and correctly localise any problems which might occur after the changes have been made.

Changes to a configuration should always be performed in individual steps. Regular checks should be made as to whether these steps have been executed correctly, and whether the affected IT system and applications are still fully functional.

If changes are made to system files, a re-start should be performed subsequently in order to check whether the IT system can still be started correctly. All data carriers required for emergency starting, such as boot diskettes or a boot CD-ROM, should be kept handy in case a problem occurs.

If possible, complex changes to a configuration should not be made in the original files, but in copies. All changes which have been performed should be examined by a colleague before being incorporated into regular operations.

In the case of IT systems which need to fulfil high availability requirements, redundant systems should be maintained, or at least restricted IT operations should be ensured. Ideally, the procedures specified in the contingency manual should be followed in this case.

All changes made to a configuration should be noted down step-by-step, so that if a problem occurs, the functionality of the IT system can be restored by a successive reversal of the changes (also refer to S 2.34 Documentation of changes made to an existing IT system).
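
The shell functions below are an added example, not part of the manual. They carry out the steps above for a single configuration file: edit a copy, back up the old file before the copy is installed, record each step, and reverse steps in order. CHANGE_DIR and all function names are assumptions made for this example.

```sh
# Added example: stage, review, apply and successively reverse config changes.
# CHANGE_DIR and the function names are hypothetical, not from the manual.
CHANGE_DIR="${CHANGE_DIR:-./change-records}"   # assumed home of backups and log

# Create a working copy; edits go into FILE.new, never into the live file.
stage_change() {
    cp -p -- "$1" "$1.new"
}

# Show the pending change for a colleague (diff exits 1 when files differ).
review_change() {
    diff -u -- "$1" "$1.new"
}

# Back up the old configuration, install the reviewed copy, record the step.
apply_change() {
    local file="$1" desc="$2" step backup
    [ -f "$file.new" ] || { echo "no staged copy for $file" >&2; return 1; }
    mkdir -p "$CHANGE_DIR" && touch "$CHANGE_DIR/log" || return 1
    step=$(( $(wc -l < "$CHANGE_DIR/log") + 1 ))
    backup="$CHANGE_DIR/$(printf '%04d' "$step")-$(basename "$file")"
    cp -p -- "$file" "$backup" || return 1     # old configuration saved first
    mv -- "$file.new" "$file" || return 1
    printf '%s\t%s\t%s\t%s\n' "$step" "$file" "$backup" "$desc" >> "$CHANGE_DIR/log"
}

# Reverse the most recent recorded step; call again to reverse the one before.
rollback_last() {
    local last step file backup
    [ -s "$CHANGE_DIR/log" ] || { echo "nothing to roll back" >&2; return 1; }
    last=$(tail -n 1 "$CHANGE_DIR/log")
    step=$(printf '%s\n' "$last" | cut -f1)
    file=$(printf '%s\n' "$last" | cut -f2)
    backup=$(printf '%s\n' "$last" | cut -f3)
    cp -p -- "$backup" "$file" || return 1
    printf '%s\n' "$last" >> "$CHANGE_DIR/reverted"   # keep a record of reversals
    head -n "$((step - 1))" "$CHANGE_DIR/log" > "$CHANGE_DIR/log.tmp" &&
        mv -- "$CHANGE_DIR/log.tmp" "$CHANGE_DIR/log"
}
```

Each log line holds the step number, file, backup path and description separated by tabs, so the description passed to apply_change must not contain a tab.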

Additional controls:


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
July 1999