S 5.33 Secure remote maintenance via modem

Initiation responsibility: IT Security Management

Implementation responsibility: Administrators

The remote maintenance of IT systems via modem involves particularly high security risks. For security reasons, it is advisable to operate without external remote maintenance. If this is not possible, additional safeguards must be implemented.

The IT system to be maintained, including the modem used, must incorporate the following functions:

• The establishment of a connection for remote maintenance should also be initiated from the local IT system. This can be achieved by calling the remote maintenance point of the IT system requiring maintenance or by automatic call-back.

• External maintenance personnel must authenticate themselves before commencing maintenance. If passwords are transferred unencrypted, they should be one-time (cf. S 5.34 Use of one-time passwords).

• All activities during remote maintenance must be logged on to the IT system being maintained.

The following additional functions can be implemented on the IT system to be maintained:

• Activation of a time lock on invalid access attempts.

• Disablement of remote maintenance during normal operation and explicit allowance for a specified time period.

• Restriction of permissions for maintenance personnel. The maintenance personnel must not possess full administrative privileges. On DOS PC's, gradation of the administration of privileges must be realised by means of additional software. Observe S 2.33 Division of administrator roles under Unix for Unix systems and S 2.38 Division of administrator roles in PC networks for PC networks.

The maintenance personnel should only have access to those data and directories actually requiring maintenance.

• The IT system should provide the maintenance personnel with their own user ID under which all maintenance should be carried out, if possible.

• If the connection to the remote maintenance point is interrupted for some reason, access to the system must be terminated through automatic log-out.

The remote maintenance must be monitored locally by IT experts. Even if remote maintenance is implemented due to lacking internal know-how or capacity, the maintenance personnel must not be left unobserved (cf. S 2.4 Maintenance/repair regulations). If there are any doubts concerning procedures, the local IT expert should enquire immediately. It must, at any time, be possible to interrupt remote maintenance locally.

If data or programmes are stored on the local IT system during maintenance, this must be made clearly noticeable and comprehensible; e.g. such processes must only take place in marked directories or under certain user ID's.

In accordance with S 3.2 Commitment of staff members to compliance with relevant laws, regulations and provisions, contractual provisions should also be laid down as regards the commitment of external maintenance personnel to the secrecy of data. In particular, data stored externally during maintenance must be erased meticulously after work has been completed. The obligations and responsibilities of the external maintenance personnel must also be carefully specified.

Additional controls:

• From where can remote maintenance be performed?

• Is a call-back procedure installed?

• Have the described security functions been implemented?

• Are the inputs made via remote maintenance logged?

• Is access to the protocol files provided for remote maintenance?

• Are invalid log-in attempts logged?

• Is the connection terminated after such attempts?

• Is an automatic log-out effected on line interruption?