5.6 PC with Windows 95

Description

A typical PC with the operating system Windows 95 is considered. This PC should not be networked. The PC has a floppy disk drive, a removable or hard disk, a CD-ROM and possibly a mouse. If available, a printer is to be directly connected to the PC. The basis for further considerations is that multiple users will be using this PC.

The following fundamental considerations should also be taken into account:

Essential security properties of Windows 95 can be put into effect only in a server-supported network. If a non-networked Windows 95 computer is operated locally, multi-user operation should be avoided as long as important functions such as control of rights or protocols can still be carried out without the aid of PC security products. The same considerations must be taken even with a single user if this user is to be restricted by an administrator via the system guidelines, as this would actually result in multi-user operation.

Conclusion: A non-networked Windows 95 computer should only have one user who should not be restricted. Restriction of a user is only wise if this eases navigation of the system or if faulty operation can thereby be ruled out. If multi-user operation must nonetheless be implemented, then, for reasons of security, this is only wise in combination with a PC security product. 95

Threat Scenario

For IT-baseline protection of a PC with Windows 95, the following typical threats will be considered:

Force Majeure:

Organisational Shortcomings:

Human Failure:

Technical Failure:

Deliberate Acts:

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.

In the following the safeguard group "PC with Windows 95" is presented. The fundamental considerations at the beginning of the chapter (see above) should be observed. The safeguards are divided into the following categories:

The following basic safeguards need to be implemented:

Infrastructure:

Organisation:

Personnel:

Hardware/Software:

Contingency Planning:

If many users work on the Windows 95 computer, administration of the computer and division of users is essential. In this case, the following safeguards for multi-user operation must additionally be implemented:

Organisation:

Personnel:

If particular user-specific restrictions are to be provided in the user environment, the following safeguards must be deployed (Safeguards S 2.64 and S 2.65 are only effective in connection with S 4.41 or S 4.42):

Organisation:

Hardware/Software:

If the PC with Windows 95 is merged in a network, then, additionally, the following measure is necessary:

Hardware/Software:


© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 6 April 2000