
FIPS PUB 191

1.5.2 Remote Computing - Concerns

Remote computing must be controlled so that only authorized users may access remote components and remote applications. Servers must be able to authenticate remote users who request services or applications. These requests may also call for the local and remote servers to authenticate to each other. The inability to authenticate can lead to unauthorized users being granted access to remote servers and applications. There must be some level of assurance regarding the integrity of applications utilized by many users over a LAN.

1.5.3 Topologies and Protocols - Concerns

The topologies and protocols used today demand that messages be made available to many nodes in reaching the desired destination. This is much cheaper and easier to maintain than providing a direct physical path from every machine to every machine. (In large LANs direct paths are infeasible.) The possible threats inherent include both active and passive wiretapping. Passive wiretapping includes not only information release but also traffic analysis (using addresses, other header data, message length, and message frequency). Active wiretapping includes message stream modifications (including modification, delay, duplication, deletion or counterfeiting).

1.5.4 Messaging Services - Concerns

Messaging services add additional risk to information that is stored on a server or in transit. Inadequately protected email can easily be captured, and perhaps altered and retransmitted, affecting both the confidentiality and integrity of the message.

1.5.5 Other LAN Security Concerns

Other LAN security problems include (1) inadequate LAN management and security policies, (2) lack of training for proper LAN usage and security, (3) inadequate protection mechanisms in the workstation environment, and (4) inadequate protection during transmission.
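As an added illustration (not part of FIPS PUB 191), the sketch below shows how a receiver can recognize the message stream modifications listed in 1.5.3, and the altered or retransmitted message described in 1.5.4, when each frame carries a sequence number, a send time and a keyed MAC. The frame layout, the names seal, Receiver and demo, the 30-second age limit and the sample key are assumptions chosen for this example.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct(">QQ")   # assumed header: sequence number, send time (s)
TAG_LEN = 32                 # HMAC-SHA256 output size

def seal(key: bytes, seq: int, sent_at: int, payload: bytes) -> bytes:
    """Sender side: header + payload, followed by an HMAC over both."""
    body = HDR.pack(seq, sent_at) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Tracks the next expected sequence number for one sender."""

    def __init__(self, key: bytes, max_age: int = 30):
        self.key, self.max_age, self.expected = key, max_age, 0

    def check(self, frame: bytes, now: int) -> str:
        if len(frame) < HDR.size + TAG_LEN:
            return "modified-or-counterfeit"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            # Altered in transit, or built by someone without the key;
            # a MAC alone cannot tell these two cases apart.
            return "modified-or-counterfeit"
        seq, sent_at = HDR.unpack_from(body)
        if seq < self.expected:
            return "duplicate"        # retransmission of an accepted frame
        if now - sent_at > self.max_age:
            return "delayed"          # authentic, but held back too long
        gap = seq > self.expected     # earlier frames missing (or reordered)
        self.expected = seq + 1
        return "deletion" if gap else "ok"

def demo() -> list:
    key = b"constructed-demo-key"     # constructed sample key and frames
    rx = Receiver(key)
    f0, f1, _, f3 = (seal(key, i, 1000 + i, b"msg %d" % i) for i in range(4))
    tampered = f1[:20] + b"X" + f1[21:]          # one payload byte changed
    forged = seal(b"wrong key", 1, 1001, b"msg 1")
    return [rx.check(f0, 1000), rx.check(tampered, 1001),
            rx.check(forged, 1001), rx.check(f0, 1002),
            rx.check(f1, 1500), rx.check(f3, 1003)]

if __name__ == "__main__":
    print(demo())
```

These checks address active wiretapping only; the header fields, message length and message frequency remain visible to a passive observer, so traffic analysis is unaffected.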
A weak security policy also contributes to the risk associated with a LAN. A formal security policy governing the use of LANs should be in place to demonstrate management’s position on the importance of protecting valued assets. A security policy is a concise statement of top management’s position on information values, protection responsibilities, and organizational commitment. A strong LAN security policy should be in place to provide direction and support from the highest levels of management. The policy should identify the role that each employee has in assuring that the LAN and the information it carries are adequately protected.

The LAN security policy should stress the importance of, and provide support for, LAN management. LAN management should be given the necessary funding, time, and resources. Poor LAN management may result in security lapses. The resulting problems could include