IT Baseline Protection Manual S 5.52 Security-related requirements for communications computers
Initiation responsibility: Agency/company management; IT Security Management
Implementation responsibility: Administrators
Access by telecommuters to data at an institution differs in accordance with the type of telecommuting and the tasks to be performed. In some situations, only e-mail might be exchanged between telecommuters and the institution. In other cases, it might be necessary for telecommuters to access servers at the institution. Regardless of the type of access procedure being used though, the communications computer at the institution needs to meet the following security requirements:
Identification and authentication: All users of the communications computer, i.e. administrators, employees at the institution and telecommuters, must identify and authenticate themselves before gaining access to the computer. If identification and authentication attempts fail repeatedly, access is to be denied. Preset passwords are to be changed.
If necessary, the communications computer should be able to prompt for renewed authentication from the telecommuter or remote workstation during the process of data transfer in order to preclude unauthorised interventions.
As part of user identification and authentication, the remote workstation should also be identified (for example, by means of subscriber numbers and call-back procedures).
Role distinction: The roles assumed by the administrator and users of the communications computer must be separated. Only the administrator should be able to allocate permissions.
Rights management and monitoring: Access to files on the communications computer must only be granted in accordance with the rights allocated in each case. In particular, access to computers installed at the institution and to the data stored on them must be regulated. Data and system access should be restricted to the bare minimum. The time periods during which access by telecommuters is possible can also be restricted.
In the event of a system failure or irregularities, the communications computer must assume a stable state, in which access to it might no longer be possible.
Minimisation of services: Services provided by the communications computer must follow the principle of minimisation: Everything not explicitly allowed is prohibited. The services themselves must be restricted to the scope absolutely necessary for telecommuters to fulfill their duties.
Logging: Data transmissions from, to and via the communications computer must be logged with details of the time, user, address and type of service.
Tools for evaluating log data should be available to the administrator and the auditor. Any irregularities which are detected should be reported automatically.
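The following is an added example, not part of the manual, showing how several of the requirements above (denial after repeated failed authentication, identification of the remote workstation, default-deny service minimisation, restricted access time periods, and automatic reporting of irregularities from the log) can be checked by a small log evaluation tool. The log format, the policy tables, the three-attempt threshold, the 07:00 to 19:00 access window and the sample log lines are all constructed assumptions; a real communications computer would supply its own log format and rights tables.

```python
"""Evaluate a communications-computer transfer log against S 5.52 requirements.

Added example with constructed data: the log format, policy tables and sample
lines are assumptions, not taken from the IT Baseline Protection Manual.
"""
from collections import defaultdict
from datetime import datetime, time

# Assumed record format, carrying the fields the logging requirement names
# (time, user, address, type of service) plus the result of the attempt:
#   "<ISO timestamp> <user> <remote address> <service> <OK|FAIL>"
SAMPLE_LOG = """\
2024-03-04T08:02:11 alice 203.0.113.10 mail OK
2024-03-04T08:03:40 bob 203.0.113.22 fileserver FAIL
2024-03-04T08:03:52 bob 203.0.113.22 fileserver FAIL
2024-03-04T08:04:05 bob 203.0.113.22 fileserver FAIL
2024-03-04T08:04:20 bob 203.0.113.22 fileserver OK
2024-03-04T23:15:00 alice 203.0.113.10 mail OK
2024-03-04T09:10:00 carol 198.51.100.7 telnet OK
2024-03-04T09:12:00 carol 198.51.100.7 mail OK
"""

# Minimisation of services as a default-deny table: everything not listed
# for a user is prohibited (constructed rights allocation).
ALLOWED_SERVICES = {
    "alice": {"mail"},
    "bob": {"mail", "fileserver"},
    "carol": {"mail"},
}
# Remote workstation identification: addresses registered per telecommuter
# (constructed; the manual mentions subscriber numbers and call-back as means).
REGISTERED_ADDRESSES = {
    "alice": {"203.0.113.10"},
    "bob": {"203.0.113.22"},
    "carol": {"198.51.100.7"},
}
# Assumed permitted access window for telecommuters.
ACCESS_WINDOW = (time(7, 0), time(19, 0))
# Assumed number of failed attempts after which access is to be denied.
MAX_FAILED_ATTEMPTS = 3


def parse_log(text):
    """Parse one record per line; malformed lines are reported, not skipped silently."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 5:
            malformed.append(lineno)
            continue
        stamp, user, address, service, result = parts
        entries.append({
            "time": datetime.fromisoformat(stamp),
            "user": user,
            "address": address,
            "service": service,
            "ok": result == "OK",
        })
    return entries, malformed


def evaluate(entries):
    """Return a list of irregularities found in the parsed records, in log order."""
    findings = []
    failures = defaultdict(int)  # consecutive failed attempts per user@address
    start, end = ACCESS_WINDOW
    for e in entries:
        who = f"{e['user']}@{e['address']}"
        # Default deny: the service must be explicitly allowed for this user.
        if e["service"] not in ALLOWED_SERVICES.get(e["user"], set()):
            findings.append(f"{who}: service {e['service']} not permitted")
        # The remote workstation must be one registered for this user.
        if e["address"] not in REGISTERED_ADDRESSES.get(e["user"], set()):
            findings.append(f"{who}: unregistered remote address")
        # Access is only possible during the permitted time period.
        if not (start <= e["time"].time() <= end):
            findings.append(f"{who}: access at {e['time'].isoformat()} outside permitted window")
        # Repeated failed identification/authentication must lead to denial.
        if not e["ok"]:
            failures[who] += 1
            if failures[who] == MAX_FAILED_ATTEMPTS:
                findings.append(f"{who}: {MAX_FAILED_ATTEMPTS} failed attempts, access is to be denied")
        elif failures[who] >= MAX_FAILED_ATTEMPTS:
            # A success after the threshold means the lockout was not enforced.
            findings.append(f"{who}: successful access after lockout threshold; lockout not enforced")
        else:
            failures[who] = 0
    return findings


def report(text=SAMPLE_LOG):
    """Combine parse problems and policy irregularities into one report list."""
    entries, malformed = parse_log(text)
    return [f"line {n}: malformed record" for n in malformed] + evaluate(entries)


if __name__ == "__main__":
    for finding in report():
        print(finding)
```

Run against the constructed sample, the tool reports the third failed attempt by bob, the subsequent success that shows the lockout was not enforced, alice's access outside the permitted window, and carol's use of a service not allocated to her. The tables are deliberately separate from the evaluation logic so that the rights allocation can be maintained by the administrator alone, in keeping with the role distinction requirement.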
Automatic scanning for computer viruses: Transferred data must undergo automatic scanning for computer viruses.
Encryption: Confidential data maintained on the communications computer for telecommuters are to be encrypted.
Disabling or securing of remote administration: If the communications computer does not require remote administration, all related functions should be disabled. If remote administration is unavoidable, it must be secured adequately. Every remote administration routine should only be allowed to take place following successful identification and authentication. Administrative activities are to be logged and administrative data are to be transmitted in encrypted form. Preset passwords and cryptographic keys must be changed.
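As an added example (not from the manual), the check below applies the remote administration requirements to a configuration file. It assumes that remote administration, where unavoidable, is done over OpenSSH, so the input is sshd_config-style text; the two sample configurations are constructed, and the specific thresholds (at most three authentication tries, VERBOSE logging, a restricted listen address) are this example's assumptions about what "secured adequately" means rather than values stated by the manual.

```python
"""Check a remote-administration configuration against S 5.52 (added example).

Assumption: remote administration uses OpenSSH, so the input is sshd_config-style
text. Both sample configurations below are constructed for illustration.
"""

WEAK_CONFIG = """\
# constructed: settings resembling an unhardened installation
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
LogLevel INFO
"""

HARDENED_CONFIG = """\
# constructed: settings meeting the requirements of this example
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
MaxAuthTries 3
LogLevel VERBOSE
ListenAddress 192.0.2.5
"""

# OpenSSH defaults assumed when a keyword is absent from the file.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "maxauthtries": "6",
    "loglevel": "INFO",
}


def parse_sshd_config(text):
    """Return a dict of lowercased keyword -> value, ignoring comments and blank lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key.lower()] = value.strip()
    return settings


def check_remote_admin(text, remote_admin_required=True):
    """Return a list of findings; an empty list means no deviation was found."""
    if not remote_admin_required:
        # First requirement: if not needed, disable remote administration entirely.
        return ["remote administration not required: disable the service entirely"]
    s = dict(DEFAULTS)
    s.update(parse_sshd_config(text))
    findings = []
    # Role distinction: administrators authenticate as named users, not as root.
    if s["permitrootlogin"] != "no":
        findings.append("PermitRootLogin should be 'no': administrators log in as named users")
    # Identification and authentication: key-based rather than password-based.
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication should be 'no': use key-based authentication")
    if s["permitemptypasswords"] != "no":
        findings.append("PermitEmptyPasswords must be 'no'")
    # Repeated failed attempts must lead to denial (threshold is this example's choice).
    if int(s["maxauthtries"]) > 3:
        findings.append("MaxAuthTries should be at most 3 so repeated failures are denied")
    # Administrative activities are to be logged; VERBOSE records the key used.
    if s["loglevel"].upper() not in ("VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"):
        findings.append("LogLevel should be VERBOSE so administrative logins are fully logged")
    # Restrict the administration service to a dedicated interface.
    if "listenaddress" not in s:
        findings.append("ListenAddress not restricted to the administration interface")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, check_remote_admin(cfg) or ["no findings"])
```

The weak configuration produces one finding per requirement it misses, while the hardened one produces none; calling `check_remote_admin` with `remote_admin_required=False` yields the single finding that the service should be disabled. Changing preset cryptographic keys, which the requirement also demands, cannot be judged from the configuration file alone and would need to be checked against the host keys actually installed.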
Additional controls:
Which functions does the communications computer offer?
At which time intervals are checks performed as to whether the selected settings and allocated rights still conform with actual requirements?