S 6.54 Procedures in case of a loss of network integrity

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrator, IT users

If the network acts unexpectedly (for example, if servers are not available, access to network resources is not possible, or the network performance collapses constantly), this might be due to a loss of network integrity brought about by misuse of the network (e.g. unauthorised administration, changes to the configuration of active network components, damage to network components).

Users should observe the following procedure in this case:

• Working documents should be saved and, if necessary, programs still running should be terminated.

• The administrator should be informed via an appropriate escalation stage (e.g. User Help Desk). The reporting procedure should not be allowed to significantly hinder the administrator's activities.

The network administrator should observe the following procedure:

• Narrow the faulty response down to a network segment or network component.

• Check the configuration of the active network components present there (this also includes password checks).

• If necessary, restore the original configuration data (refer to S 6.52 Regular backup of configuration data of active network components).

• If necessary, check the hardware in use (cabling, plug connectors, active network components etc.) for defects.

• Request all users to check their working domains for irregularities.

Additional controls:

• Which measures have been conceived to ensure that the administrator is properly informed?

• Are these measures also implemented?