S 4.91 Secure installation of a system management system

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

The installation of a system management system calls for extensive and careful planning. After system analysis has been performed (see S 2.168 ), the management strategy has been laid down (see S 2.169 ) and a suitable management system has been chosen (see S 2.171 ), installation of the product must be planned in detail and put into practice accordingly. The actual management system configuration for the local network must be drawn up in accordance with the architecture on which the management product is based, paying particular attention to the formulated management strategy.

In order to install most management systems, management software has to be installed on the computers concerned; this takes over communication between the management console or servers and the local computer. Often it is also necessary to install database systems on the central computers (servers or gateways), in which the management information is permanently stored by the management software. Depending on the product, it may also be possible to link in an existing database system for this purpose. As a rule the additionally installed software imposes extra demands on the computer's local resources. During planning, therefore, attention must be paid to what system resources are available locally. It may be necessary for some systems to be upgraded. These costs should be taken into account in the selection of the management product.

In addition to these criteria, which are essentially intended to guarantee regulated technical system operations, for security reasons the software associated with the management system and the corresponding data must be included in the determination of the protection requirements in accordance with the IT Baseline Protection Manual (see Chapter 2), and the protection requirements must be classified as "high" to "very high". Compromising the management system is liable not only to cause failure of the entire network; as well as this, unnoticed changes to the system may cause considerable damage which can very rapidly take on existence-threatening forms.

Particular attention should be paid to the following points in relation to installation:

• All computers on which management information is stored must be given special protection:

• The measures specified in the IT Baseline Protection Manual Chapters 5 and 6 must be implemented, depending on the system on hand.

• In particular the operating system mechanisms must be configured so as to prevent unauthorised access to locally stored management information.

• Access to the management software must be granted only to authorised administrators and auditors.

• Physical access to the computers should be restricted.

• Communication between the management components should be encrypted - provided this is supported by the product - in order to prevent the possibility of unauthorised users eavesdropping on or gathering management information. If the product does not support encryption, special measures must be taken in order to safeguard communications (see S 5.68 Use of encryption procedures for network communications).