2.3 IT Baseline Protection Modelling

Once the required information is available from the IT structure analysis and the assessment of protection requirements, the next major task is to model the IT assets under consideration with the aid of the existing modules of the IT Baseline Protection Manual. The outcome of this exercise is an IT baseline protection model of the IT assets which is made up from different modules of the manual, in some cases with the same modules being used several times over, and maps the security-relevant aspects of the IT assets onto specific modules and vice versa.

It makes no difference to the IT baseline protection model created whether the IT assets consist of IT systems already in service or whether the IT assets in question are still at the planning stage. However, the model may be used differently depending on whether the assets are already in use or not.

The diagram below clarifies the role of the modelling and its possible outcomes:

Figure: outcome of IT baseline protection modelling

Typically a set of IT assets currently in use will contain not only elements which have already been implemented but also elements which are still at the planning stage. The resulting IT baseline protection model then contains both a test plan and also elements of a design concept. The IT security concept will then be based on a combination of the IT security safeguards which are identified during the target versus actual comparison as being inadequate or missing and those identified for IT assets which are still at the planning stage.

To map a generally complex set of IT assets to the modules in the manual it is recommended that the IT security aspects are considered as groups arranged according to particular topics.

Figure: Tiers in the IT baseline protection model

The IT security aspects of a set of IT assets are assigned to the individual tiers as follows:

Using this tier approach has the following advantages. IT baseline protection modelling entails determining for the modules of a given tier whether and how they can be used to map the IT assets. Depending on the module considered, the objects which are mapped in this way may be of different kinds: individual components, groups of components, buildings, property, organisational units etc. If the target object is a group, then representative samples should be selected from it, and the relevant module should then be applied to those samples.

The IT baseline protection model, i.e. the assignment of modules to target objects, should be documented in the form of a table containing the following columns:

The procedure for modelling a set of IT assets is described in detail in Section 2.3.1 below. Particular importance here is attached to any constraints which apply, when it is appropriate to use a given module and to which target objects it should be applied. Section 2.3.2 presents a shortened modelling procedure for the special case of a single IT system or a single group.

2.3.1 Modelling a Set of IT Assets

When modelling a set of IT assets it is recommended that the modules are assigned using the 5-tier model. This is then followed by a completeness check.

Tier 1: Higher order aspects of IT security

In this tier the generic aspects of the IT assets, which apply to each individual component, are modelled. The primary elements under consideration here are policies and procedures derived from those policies. These aspects should be controlled uniformly for the entire set of IT assets so that in most cases the corresponding modules then only have to be applied once to the entire set of IT assets.

Tier 2: Security of the infrastructure

The structural conditions relevant to the existing IT assets are modelled with the aid of the modules contained in Chapter 4 Infrastructure. This entails assignment of the relevant module from the IT Baseline Protection Manual to every building, room or protective cabinet (or group of these components).

Tier 3: Security of the IT systems

This tier is concerned with security aspects relating to IT systems, i.e. to server and client computers, hosts, terminals etc. Tier 3 is covered by modules from Chapters 5 to 9 of the IT Baseline Protection Manual.

By analogy with the area "Security of the infrastructure", the modules relating to the area of "Security of the IT systems" may be applied either to individual IT systems or to samples from groups. This is assumed below although no further specific reference to it is made.

Tier 4: Security in the network

This tier is concerned with security aspects in the network which cannot be isolated to particular IT systems (e.g. servers) in the network. Rather, the concern here is those security aspects which relate to the network connections and communications between the IT systems.

To simplify matters, it may be appropriate to consider sections within the complete network rather than the whole network at once. The division of the full network into subnetworks should be performed in accordance with these two criteria:

If these two criteria do not lend themselves to a suitable division of the full network (for example because some of the resulting subnetworks are too large or too small), as an alternative the division into subnetworks may proceed at the organisational level. Under this approach, the subnetworks are defined so that they correspond to discrete areas of responsibility of the different administrators or teams of administrators.

It is not possible to make a definite recommendation as to how best to subdivide the complete network into subnetworks, as the requirements stated above might be incompatible with the existing IT assets. Instead, a decision should be made in the individual case as to what is the most practical way of splitting up the complete network, bearing in mind the modules of the IT Baseline Protection Manual which are to be used.

Tier 5: Security in applications

The lowest tier entails modelling of the applications. Modern applications are seldom limited to a single IT system. In particular, core applications used across an entire organisation are generally implemented as client/server applications. In many cases servers themselves access other servers downstream, e.g. database systems. The security of the applications must therefore be considered independently of the IT systems and networks.

Completeness check

In the final step a check should be performed as to whether the entire system has been modelled without any gaps. It is recommended that the network plan or a similar overview of the IT assets is used here and that the individual components are checked systematically. Every component should either be assigned to a group or else be modelled separately. If the complete network has been divided into subnetworks in connection with Tier 4, a check should be performed as to whether

It is important that not only all hardware and software components are represented from a technical perspective, but that the related organisational, personnel and infrastructural aspects are fully covered also. This can be checked using the tables provided in Section 2.3.2, in which for a few typical components those modules of the IT Baseline Protection Manual which should be included in the modelling in every case are specified.

If, when performing these checks, any gaps are revealed in the modelling, the relevant missing components must be added. Otherwise there is a risk that important elements of the complete system or important security aspects will be overlooked when using the IT Baseline Protection Manual.

If it is not possible to perform all the modelling because some modules which are needed are missing from the IT Baseline Protection Manual, please notify the BSI's IT Baseline Protection Hotline of your requirements.

Bundesamt für Organisation und Verwaltung (Federal Agency for Organisation and Administration, BOV) - Part 8

The table below is an excerpt from the modelling performed for the fictitious BOV Department.
No.   | Name of module         | Target object / target group | Sample               | Contact person | Notes
3.1   | Organisation           | Bonn site                    |                      |                | The Organisation module must be worked through separately for the Bonn and Berlin sites, as Berlin has its own organisational procedures.
3.1   | Organisation           | Berlin site                  |                      |                |
3.2   | Personnel              | Entire BOV                   |                      |                | The BOV's Human Resources Department is located centrally in Bonn.
4.3.3 | Storage Media Archives | R U.02 (Bonn)                |                      |                | The backup data media are kept in this room.
5.3   | Laptop PC              | C5                           | 1 in R 1.06 (Bonn)   |                | A sample will be selected from all the laptops, both in Bonn and Berlin.
5.3   | Laptop PC              | C6                           | 1 in R 2.01 (Berlin) |                |
7.5   | WWW Server             | S5                           |                      |                | S5 functions as the server for the Intranet.
9.2   | Databases              | S5                           |                      |                | A database is used on server S5.

2.3.2 Modelling of an Individual IT System

Depending on the object(s) under examination, the tables below serve different functions. If the IT assets under consideration consist only of a single IT system or a single group of IT systems which have the same configuration, the same framework conditions and the same applications, then as a minimum the modules required for modelling can be read directly from these tables. Modules with no entry in the relevant column should be used as well if they are relevant to the individual IT system under consideration.

If on the other hand the IT assets are composed of different components, then the tables below will help in checking whether modelling as described in Section 2.3.1 is complete. If, for example, the IT assets contain Windows NT clients, then all the modules which have an "X" in the relevant column of the table should be considered during modelling. Modules identified with "(X)" only need to be used when certain conditions apply. These conditions are listed in Section 2.3.1.

Key:

X:   The module must be applied to this IT system.
(X): The module must be applied to this IT system if the conditions specified in Section 2.3.1 apply.
X1:  A server room can be replaced by a server cabinet.
-:   No entry (apply the module only if it is relevant to the individual IT system, see above).

IT Systems: Stand-Alone Systems / Clients
Columns: (a) DOS-PC (Single User), (b) UNIX System, (c) Laptop PC, (d) PC (Multi-user), (e) Windows NT PC, (f) Windows 95 PC

No.    Module                                                   | (a) | (b) | (c) | (d) | (e) | (f)
3.0    IT Security Management                                   | X   | X   | X   | X   | X   | X
3.1    Organisation                                             | X   | X   | X   | X   | X   | X
3.2    Personnel                                                | X   | X   | X   | X   | X   | X
3.3    Contingency Planning Concept                             | (X) | (X) | (X) | (X) | (X) | (X)
3.4    Data Backup Policy                                       | X   | X   | X   | X   | X   | X
3.6    Computer Virus Protection Concept                        | X   | X   | X   | X   | X   | X
3.7    Crypto Concept                                           | (X) | (X) | (X) | (X) | (X) | (X)
3.8    Handling of Security Incidents                           | (X) | (X) | (X) | (X) | (X) | (X)
4.1    Buildings                                                | X   | X   | -   | X   | X   | X
4.2    Cabling                                                  | X   | X   | -   | X   | X   | X
4.3.1  Offices                                                  | X   | X   | -   | X   | X   | X
4.3.2  Server Rooms                                             | -   | -   | -   | -   | -   | -
4.3.3  Storage Media Archives                                   | -   | -   | -   | -   | -   | -
4.3.4  Technical Infrastructure Rooms                           | -   | -   | -   | -   | -   | -
4.4    Protective Cabinets                                      | -   | -   | -   | -   | -   | -
4.5    Working Place at Home (Telecommuting)                    | -   | -   | -   | -   | -   | -
5.1    DOS PC (Single User)                                     | X   | -   | (X) | (X) | -   | -
5.2    UNIX System                                              | -   | X   | (X) | (X) | -   | -
5.3    Laptop PC                                                | -   | -   | X   | (X) | -   | -
5.4    PCs with a Non-Constant User Population                  | (X) | (X) | (X) | X   | -   | -
5.5    PC under Windows NT                                      | -   | -   | (X) | -   | X   | -
5.6    PC with Windows 95                                       | -   | -   | (X) | -   | -   | X
5.99   Stand-Alone IT Systems Generally                         | -   | -   | -   | -   | -   | -
6.1    Server-Supported Network                                 | -   | -   | -   | -   | -   | -
6.2    UNIX Server                                              | -   | -   | -   | -   | -   | -
6.3    Peer-to-Peer Network                                     | -   | -   | -   | -   | -   | -
6.4    Windows NT Network                                       | -   | -   | -   | -   | -   | -
6.5    Novell Netware 3.x                                       | -   | -   | -   | -   | -   | -
6.6    Novell Netware 4.x                                       | -   | -   | -   | -   | -   | -
6.7    Heterogeneous Networks                                   | -   | -   | -   | -   | -   | -
6.8    Network and System Management                            | -   | -   | -   | -   | -   | -
7.1    Exchange of Data Media                                   | (X) | (X) | (X) | (X) | (X) | (X)
7.2    Modem                                                    | -   | -   | -   | -   | -   | -
7.3    Firewall                                                 | -   | -   | -   | -   | -   | -
7.4    E-Mail                                                   | -   | -   | -   | -   | -   | -
7.5    WWW Server                                               | -   | -   | -   | -   | -   | -
7.6    Remote Access                                            | -   | -   | -   | -   | -   | -
8.1    Telecommunications System (Private Branch Exchange, PBX) | -   | -   | -   | -   | -   | -
8.2    Fax Machine                                              | -   | -   | -   | -   | -   | -
8.3    Answering Machine                                        | -   | -   | -   | -   | -   | -
8.4    LAN Connection over ISDN                                 | -   | -   | -   | -   | -   | -
8.5    Fax Servers                                              | -   | -   | -   | -   | -   | -
8.6    Mobile Telephones                                        | -   | -   | -   | -   | -   | -
9.1    Standard Software                                        | X   | X   | X   | X   | X   | X
9.2    Databases                                                | -   | -   | -   | -   | -   | -
9.3    Telecommuting                                            | -   | -   | -   | -   | -   | -
 
IT Systems: Stand-Alone Systems / Clients (continued)
Columns: (a) Telecommuting, (b) Stand-Alone IT Systems Generally (cells X, (X), X1 as in the key; - = no entry)

No.    Module                                                   | (a) | (b)
3.0    IT Security Management                                   | X   | X
3.1    Organisation                                             | X   | X
3.2    Personnel                                                | X   | X
3.3    Contingency Planning Concept                             | (X) | (X)
3.4    Data Backup Policy                                       | X   | X
3.6    Computer Virus Protection Concept                        | X   | X
3.7    Crypto Concept                                           | (X) | (X)
3.8    Handling of Security Incidents                           | (X) | (X)
4.1    Buildings                                                | -   | X
4.2    Cabling                                                  | -   | X
4.3.1  Offices                                                  | -   | X
4.3.2  Server Rooms                                             | -   | -
4.3.3  Storage Media Archives                                   | -   | -
4.3.4  Technical Infrastructure Rooms                           | -   | -
4.4    Protective Cabinets                                      | -   | -
4.5    Working Place at Home (Telecommuting)                    | X   | -
5.1    DOS PC (Single User)                                     | (X) | -
5.2    UNIX System                                              | (X) | -
5.3    Laptop PC                                                | -   | -
5.4    PCs with a Non-Constant User Population                  | -   | -
5.5    PC under Windows NT                                      | (X) | -
5.6    PC with Windows 95                                       | (X) | -
5.99   Stand-Alone IT Systems Generally                         | (X) | X
6.1    Server-Supported Network                                 | -   | -
6.2    UNIX Server                                              | -   | -
6.3    Peer-to-Peer Network                                     | -   | -
6.4    Windows NT Network                                       | -   | -
6.5    Novell Netware 3.x                                       | -   | -
6.6    Novell Netware 4.x                                       | -   | -
6.7    Heterogeneous Networks                                   | -   | -
6.8    Network and System Management                            | -   | -
7.1    Exchange of Data Media                                   | (X) | (X)
7.2    Modem                                                    | (X) | -
7.3    Firewall                                                 | -   | -
7.4    E-Mail                                                   | -   | -
7.5    WWW Server                                               | -   | -
7.6    Remote Access                                            | -   | -
8.1    Telecommunications System (Private Branch Exchange, PBX) | -   | -
8.2    Fax Machine                                              | (X) | -
8.3    Answering Machine                                        | (X) | -
8.4    LAN Connection over ISDN                                 | (X) | -
8.5    Fax Servers                                              | -   | -
8.6    Mobile Telephones                                        | -   | -
9.1    Standard Software                                        | X   | X
9.2    Databases                                                | -   | -
9.3    Telecommuting                                            | X   | -
 
IT Systems: Server / Network
Columns: (a) UNIX Network, (b) Peer-to-Peer Network, (c) Windows NT Network, (d) Novell 3.x Network, (e) Novell 4.x Network (cells X, (X), X1 as in the key; - = no entry)

No.    Module                                                   | (a) | (b) | (c) | (d) | (e)
3.0    IT Security Management                                   | X   | X   | X   | X   | X
3.1    Organisation                                             | X   | X   | X   | X   | X
3.2    Personnel                                                | X   | X   | X   | X   | X
3.3    Contingency Planning Concept                             | (X) | (X) | (X) | (X) | (X)
3.4    Data Backup Policy                                       | X   | X   | X   | X   | X
3.6    Computer Virus Protection Concept                        | X   | X   | X   | X   | X
3.7    Crypto Concept                                           | (X) | (X) | (X) | (X) | (X)
3.8    Handling of Security Incidents                           | (X) | (X) | (X) | (X) | (X)
4.1    Buildings                                                | X   | X   | X   | X   | X
4.2    Cabling                                                  | X   | X   | X   | X   | X
4.3.1  Offices                                                  | -   | X   | -   | -   | -
4.3.2  Server Rooms                                             | X   | -   | X   | X   | X
4.3.3  Storage Media Archives                                   | -   | -   | -   | -   | -
4.3.4  Technical Infrastructure Rooms                           | -   | -   | -   | -   | -
4.4    Protective Cabinets                                      | X1  | X1  | X1  | X1  | X1
4.5    Working Place at Home (Telecommuting)                    | -   | -   | -   | -   | -
5.1    DOS PC (Single User)                                     | -   | (X) | -   | -   | -
5.2    UNIX System                                              | -   | (X) | -   | -   | -
5.3    Laptop PC                                                | -   | (X) | -   | -   | -
5.4    PCs with a Non-Constant User Population                  | -   | (X) | -   | -   | -
5.5    PC under Windows NT                                      | -   | (X) | -   | -   | -
5.6    PC with Windows 95                                       | -   | (X) | -   | -   | -
5.99   Stand-Alone IT Systems Generally                         | -   | (X) | -   | -   | -
6.1    Server-Supported Network                                 | X   | -   | X   | X   | X
6.2    UNIX Server                                              | X   | -   | -   | -   | -
6.3    Peer-to-Peer Network                                     | -   | X   | -   | -   | -
6.4    Windows NT Network                                       | -   | -   | X   | -   | -
6.5    Novell Netware 3.x                                       | -   | -   | -   | X   | -
6.6    Novell Netware 4.x                                       | -   | -   | -   | -   | X
6.7    Heterogeneous Networks                                   | X   | X   | X   | X   | X
6.8    Network and System Management                            | -   | -   | -   | -   | -
7.1    Exchange of Data Media                                   | -   | -   | -   | -   | -
7.2    Modem                                                    | -   | -   | -   | -   | -
7.3    Firewall                                                 | -   | -   | -   | -   | -
7.4    E-Mail                                                   | -   | -   | -   | -   | -
7.5    WWW Server                                               | (X) | -   | (X) | (X) | (X)
7.6    Remote Access                                            | -   | -   | -   | -   | -
8.1    Telecommunications System (Private Branch Exchange, PBX) | -   | -   | -   | -   | -
8.2    Fax Machine                                              | -   | -   | -   | -   | -
8.3    Answering Machine                                        | -   | -   | -   | -   | -
8.4    LAN Connection over ISDN                                 | -   | -   | -   | -   | -
8.5    Fax Servers                                              | (X) | -   | (X) | (X) | (X)
8.6    Mobile Telephones                                        | -   | -   | -   | -   | -
9.1    Standard Software                                        | X   | X   | X   | X   | X
9.2    Databases                                                | (X) | -   | (X) | (X) | (X)
9.3    Telecommuting                                            | -   | -   | -   | -   | -
 
IT Systems: Communication System
Columns: (a) Firewall, (b) Private Branch Exchange, (c) Fax Machine, (d) Answering Machine, (e) Fax Servers (cells X, (X), X1 as in the key; - = no entry)

No.    Module                                                   | (a) | (b) | (c) | (d) | (e)
3.0    IT Security Management                                   | X   | X   | X   | X   | X
3.1    Organisation                                             | X   | X   | X   | X   | X
3.2    Personnel                                                | X   | X   | X   | X   | X
3.3    Contingency Planning Concept                             | (X) | (X) | (X) | (X) | (X)
3.4    Data Backup Policy                                       | X   | X   | X   | X   | X
3.6    Computer Virus Protection Concept                        | X   | X   | X   | X   | X
3.7    Crypto Concept                                           | (X) | (X) | (X) | (X) | (X)
3.8    Handling of Security Incidents                           | (X) | (X) | (X) | (X) | (X)
4.1    Buildings                                                | X   | X   | X   | X   | X
4.2    Cabling                                                  | X   | X   | X   | X   | X
4.3.1  Offices                                                  | -   | -   | X   | X   | -
4.3.2  Server Rooms                                             | X   | X   | -   | -   | X
4.3.3  Storage Media Archives                                   | -   | -   | -   | -   | -
4.3.4  Technical Infrastructure Rooms                           | -   | -   | -   | -   | -
4.4    Protective Cabinets                                      | X1  | X1  | -   | -   | X1
4.5    Working Place at Home (Telecommuting)                    | -   | -   | -   | -   | -
5.1    DOS PC (Single User)                                     | -   | -   | -   | -   | -
5.2    UNIX System                                              | -   | -   | -   | -   | -
5.3    Laptop PC                                                | -   | -   | -   | -   | -
5.4    PCs with a Non-Constant User Population                  | -   | -   | -   | -   | -
5.5    PC under Windows NT                                      | -   | -   | -   | -   | -
5.6    PC with Windows 95                                       | -   | -   | -   | -   | -
5.99   Stand-Alone IT Systems Generally                         | -   | -   | -   | -   | -
6.1    Server-Supported Network                                 | X   | -   | -   | -   | X
6.2    UNIX Server                                              | (X) | -   | -   | -   | (X)
6.3    Peer-to-Peer Network                                     | -   | -   | -   | -   | -
6.4    Windows NT Network                                       | (X) | -   | -   | -   | (X)
6.5    Novell Netware 3.x                                       | (X) | -   | -   | -   | (X)
6.6    Novell Netware 4.x                                       | (X) | -   | -   | -   | (X)
6.7    Heterogeneous Networks                                   | X   | -   | -   | -   | X
6.8    Network and System Management                            | -   | -   | -   | -   | -
7.1    Exchange of Data Media                                   | -   | -   | -   | -   | -
7.2    Modem                                                    | -   | -   | -   | -   | -
7.3    Firewall                                                 | X   | -   | -   | -   | -
7.4    E-Mail                                                   | -   | -   | -   | -   | -
7.5    WWW Server                                               | -   | -   | -   | -   | -
7.6    Remote Access                                            | -   | -   | -   | -   | -
8.1    Telecommunications System (Private Branch Exchange, PBX) | -   | X   | -   | -   | -
8.2    Fax Machine                                              | -   | -   | X   | -   | -
8.3    Answering Machine                                        | -   | -   | -   | X   | -
8.4    LAN Connection over ISDN                                 | -   | -   | -   | -   | -
8.5    Fax Servers                                              | -   | -   | -   | -   | X
8.6    Mobile Telephones                                        | -   | -   | -   | -   | -
9.1    Standard Software                                        | X   | -   | -   | -   | X
9.2    Databases                                                | -   | -   | -   | -   | -
9.3    Telecommuting                                            | -   | -   | -   | -   | -
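The following Python script is an added worked example; it is not part of the IT Baseline Protection Manual and not a BSI tool. It automates the completeness check of Section 2.3.1 against the tables of Section 2.3.2: for every component in the inventory it looks up the column for the component's type, treats a module as covered when the model assigns it to the component itself, to its group, to its room, to its site or to the entire set of IT assets, reports the "X" modules that are not covered as gaps, reports unassigned "(X)" modules as still to be decided under the conditions of Section 2.3.1, and accepts a protective cabinet (4.4) in place of a server room (4.3.2) where the table marks 4.4 with X1. It also records whether each component has been modelled at all, directly or via a group, which is the rule stated in the completeness check. Only two table columns (Laptop PC, UNIX Network) are transcribed. The names C5, C6, S5 and the rooms R 1.06, R 2.01 and R U.02 follow the BOV excerpt; the rooms R 0.12 and R 2.05, the component C9, the assumption that S5 is a UNIX server, and most of the module assignments are constructed for this example.

```python
"""Completeness check for an IT baseline protection model.

Added example, not part of the IT Baseline Protection Manual. It checks an
inventory of components against a subset of the minimum-module tables of
Section 2.3.2. Names C5, C6, S5 and rooms R 1.06, R 2.01, R U.02 follow the
BOV excerpt; rooms R 0.12 and R 2.05, component C9, S5 being a UNIX server
and most assignments are constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

ENTIRE = "Entire BOV"  # target for modules applied once to the whole set of IT assets

# Transcribed subset of the Section 2.3.2 tables (two columns only).
# "X" = must be applied, "(X)" = only under the Section 2.3.1 conditions,
# "X1" = a protective cabinet (4.4) may replace the server room (4.3.2).
MINIMUM_MODULES: Dict[str, Dict[str, str]] = {
    "Laptop PC": {
        "3.0": "X", "3.1": "X", "3.2": "X", "3.3": "(X)", "3.4": "X", "3.6": "X",
        "3.7": "(X)", "3.8": "(X)", "5.1": "(X)", "5.2": "(X)", "5.3": "X",
        "5.4": "(X)", "5.5": "(X)", "5.6": "(X)", "7.1": "(X)", "9.1": "X",
    },
    "UNIX Network": {
        "3.0": "X", "3.1": "X", "3.2": "X", "3.3": "(X)", "3.4": "X", "3.6": "X",
        "3.7": "(X)", "3.8": "(X)", "4.1": "X", "4.2": "X", "4.3.2": "X",
        "4.4": "X1", "6.1": "X", "6.2": "X", "6.7": "X", "7.5": "(X)",
        "8.5": "(X)", "9.1": "X", "9.2": "(X)",
    },
}


@dataclass(frozen=True)
class Component:
    name: str                    # individual IT system, e.g. "S5"
    kind: str                    # column of the Section 2.3.2 tables
    site: str                    # "Bonn" or "Berlin"
    room: str                    # e.g. "R 1.06 (Bonn)"
    group: Optional[str] = None  # group of identically configured systems, if any

    def scopes(self) -> Set[str]:
        """All target objects / target groups whose assignments cover this component."""
        scopes = {self.name, self.room, f"{self.site} site", ENTIRE}
        if self.group:
            scopes.add(self.group)
        return scopes


@dataclass(frozen=True)
class Assignment:
    module: str  # module number, e.g. "5.3"
    target: str  # target object / target group, e.g. "C5", "Bonn site", ENTIRE


def check_component(comp: Component, model: List[Assignment]) -> Dict[str, object]:
    """Mandatory modules missing for comp, conditional modules still undecided,
    and whether comp has been modelled at all (directly or via its group)."""
    table = MINIMUM_MODULES[comp.kind]
    covered = {a.module for a in model if a.target in comp.scopes()}
    missing: List[str] = []
    undecided: List[str] = []
    for module, mark in table.items():
        if mark == "X1":
            continue  # 4.4 is only the alternative to 4.3.2, handled below
        ok = module in covered
        if module == "4.3.2" and table.get("4.4") == "X1" and "4.4" in covered:
            ok = True  # server cabinet in place of a server room
        if not ok:
            (missing if mark == "X" else undecided).append(module)
    modelled = any(a.target in (comp.name, comp.group) for a in model)
    return {"missing": missing, "undecided": undecided, "modelled": modelled}


def completeness_report(components: List[Component],
                        model: List[Assignment]) -> Dict[str, Dict[str, object]]:
    """Run check_component over the whole inventory (the network plan)."""
    return {c.name: check_component(c, model) for c in components}


# Constructed inventory in the style of the BOV excerpt.
COMPONENTS = [
    Component("C5-01", "Laptop PC", "Bonn", "R 1.06 (Bonn)", group="C5"),
    Component("C6-01", "Laptop PC", "Berlin", "R 2.01 (Berlin)", group="C6"),
    Component("C9", "Laptop PC", "Berlin", "R 2.05 (Berlin)"),  # in no group
    Component("S5", "UNIX Network", "Bonn", "R 0.12 (Bonn)"),   # assumed UNIX server
]

# Constructed model: the BOV rows plus organisation-wide Tier 1 modules.
MODEL = [Assignment(m, t) for m, t in [
    ("3.0", ENTIRE), ("3.1", "Bonn site"), ("3.1", "Berlin site"), ("3.2", ENTIRE),
    ("3.4", ENTIRE), ("3.6", ENTIRE), ("9.1", ENTIRE),
    ("4.1", "Bonn site"), ("4.2", "Bonn site"), ("4.3.3", "R U.02 (Bonn)"),
    ("4.4", "R 0.12 (Bonn)"),  # S5 stands in a server cabinet, not a server room
    ("5.3", "C5"), ("5.3", "C6"),
    ("6.1", "S5"), ("6.2", "S5"), ("7.5", "S5"), ("9.2", "S5"),
]]

if __name__ == "__main__":
    for name, result in completeness_report(COMPONENTS, MODEL).items():
        print(name, result)
```

With the constructed data the report flags 6.7 Heterogeneous Networks as missing for S5, 5.3 Laptop PC as missing for C9 (which belongs to no group and has not been modelled separately), and lists the unassigned "(X)" modules of each component for the analyst to decide under the conditions of Section 2.3.1. The check deliberately tests coverage only; whether a module assigned to "Bonn site" is the right scope for a given component is a question for the modelling itself, not for this check.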


© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update: October 2000