5.1 DOS PC (single user)

Description

The subject here is a commercially available IBM-compatible PC run with DOS or a comparable operating system. Such a PC must not be connected to a local area network. It is equipped with a floppy disk drive, a hard disk and, optionally, a mouse. If available, a printer is to be directly connected to the PC. A graphic user interface can also be employed here. The following is based on the assumption that such a PC will be operated by a single user.

Threat Scenario

The following threats (T) are assumed for IT baseline protection of a DOS PC (Single User):

Force Majeure:

• T 1.1 Loss of personnel
• T 1.2 Failure of the IT system
• T 1.4 Fire
• T 1.5 Water
• T 1.8 Dust, soiling

Human Failure:

• T 3.2 Negligent destroying of equipment or data
• T 3.3 Non-compliance with IT security measures
• T 3.6 Hazards posed by cleaning staff or outside staff
• T 3.8 Improper use of the IT system

Technical Failure:

• T 4.1 Disruption of power supply
• T 4.7 Defective data media

Deliberate Acts:

• T 5.1 Manipulation/destruction of IT equipment or accessories
• T 5.2 Manipulation of data or software
• T 5.4 Theft
• T 5.9 Unauthorised use of IT systems
• T 5.23 Computer viruses
• T 5.43 Macro viruses

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.

The safeguard package for "DOS PC (Single User)" is presented in the following:

Infrastructure:

• S 1.29 (3) Adequate siting of an IT system (optional)

Organisation:

• S 2.3 (2) Data media control
• S 2.4 (2) Maintenance/repair regulations
• S 2.9 (3) Ban on using non-approved software
• S 2.10 (3) Survey of the software held
• S 2.13 (2) Correct disposal of resources requiring protection
• S 2.22 (2) Escrow of passwords
• S 2.23 (3) Issue of PC Use guidelines (optional)
• S 2.24 (3) Introduction of a PC Checklist booklet (optional)

Personnel:

• S 3.4 (1) Training before actual use of a program
• S 3.5 (1) Education on IT security measures

Hardware/Software:

• S 4.1 (1) Password protection for IT systems
• S 4.2 (1) Screen lock
• S 4.3 (2) Periodic runs of a virus detection program
• S 4.4 (3) Locking of floppy-disk drive slots (optional)
• S 4.30 (2) Utilisation of the security functions offered in application programs (optional)
• S 4.44 (2) Checking of incoming data for macro viruses
• S 4.84 (1) Use of BIOS security mechanisms

Contingency Planning:

• S 6.20 (2) Appropriate storage of backup data media
• S 6.21 (3) Backup copy of the software used
• S 6.22 (2) Sporadic checks of the restorability of backups
• S 6.23 (2) Procedure in case of computer virus infection
• S 6.24 (3) PC emergency floppy disk
• S 6.27 (3) Backup of the CMOS RAM
• S 6.32 (1) Regular data backup

© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 6 April 2000