6.2 Unix network

Description

Networked Unix systems consist of computers running on the Unix operating system and offering services (as servers) for other IT systems within a network, or making use of such services themselves (as clients).

In this chapter, the threats and safeguards described are specifically for Unix networks. Additional threats and safeguards applying to server-supported networks can be found in chapter 6.1.

Threat Scenario

The following typical threats (T) are assumed as regards IT baseline protection of a networked Unix system:

Organisational Shortcomings:

Human Failure:

Technical Failure:

Deliberate Acts:

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.

In the following, the safeguard group "networked Unix system" is presented.

Some measures refer to the configuration of the various servers; other measures will have to be implemented by servers and clients in order to become effective. For any clients connected, the safeguards outlined in chapter 5 must be implemented.

6.2.1 Unix-Server

It is advisable to install the server in a separate server room. The appropriate measures are described in Chapter 4.3.2. If no server room is a available, a server cabinet should be used (c.f. Chapter 4.4).

In addition, the following measures will have to be taken:

Infrastructure:

Organisation:

Hardware/Software:

Access to the Unix system

Allocation of attributes / Working with the Unix system

Logging / Security checks

Communications:

Contingency Planning:

6.2.2 Unix-Client

To implement baseline protection into Unix security, the following measures must be implemented for each and every Unix client, along with the safeguards listed above which, in essence, apply to Unix servers.

Organisation:

Hardware/Software:

Access to the Unix system

Allocation of attributes / Working with the Unix system

Logging / Security checks

Communications:

Contingency Planning:


© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 6 April 2000