S 4 Safeguard Catalogue - Hardware & Software

S 4.1 Password protection for IT systems
S 4.2 Screen lock
S 4.3 Periodic runs of a virus detection program
S 4.4 Locking of floppy disk drive
S 4.5 Logging of PBX administration jobs
S 4.6 Audit of the PBX configuration (target/performance reconciliation)
S 4.7 Change of preset passwords
S 4.8 Protection of the PBX operator's console
S 4.9 Use of the security mechanisms of X Windows
S 4.10 Password protection for PBX terminals
S 4.11 Screening of PBX interfaces
S 4.12 Disabling of unneeded user facilities
S 4.13 Careful allocation of identifiers
S 4.14 Mandatory password protection under Unix
S 4.15 Secure log-in
S 4.16 Restrictions on access to accounts and/or terminals
S 4.17 Blocking and erasure of unneeded accounts and terminals
S 4.18 Administrative and technical means to control access to the system-monitor and single-user mode
S 4.19 Restrictive allocation of attributes for Unix system files and directories
S 4.20 Restrictive allocation of attributes for Unix user files and directories
S 4.21 Preventing unauthorised acquisition of administrator rights
S 4.22 Prevention of loss of confidentiality of sensitive data in the Unix system
S 4.23 Secure invocation of executable files
S 4.24 Ensuring consistent system management
S 4.25 Use of logging in Unix systems
S 4.26 Regular security checks of Unix systems
S 4.27 Password protection in laptop PCs
S 4.28 Software re-installation in the case of change of laptop PC users
S 4.29 Use of an encryption product for laptop PCs
S 4.30 Utilisation of the security functions offered in application programs
S 4.31 Ensuring power supply during mobile use
S 4.32 Physical deletion of data media before and after usage
S 4.33 Use of a virus scanning program when exchanging of data media and data transmission
S 4.34 Using encryption, checksums or digital signatures
S 4.35 Pre-dispatch verification of the data to be transferred
S 4.36 Blocking fax recipient numbers
S 4.37 Blocking fax sender numbers
S 4.38 Deactivation of unnecessary service features
S 4.39 Deactivation of answering machines for periods of absence
S 4.40 Preventing unauthorised use of computer microphones
S 4.41 Use of a suitable PC security product
S 4.42 Implementation of security functions in the IT application
S 4.43 Fax machine with automatic envelopment sealing system
S 4.44 Checking of incoming files for macro viruses
S 4.45 Setting up a secure Peer-to-Peer environment
S 4.46 Use of the log-on password under WfW and Windows 95
S 4.47 Logging of firewall activities
S 4.48 Password protection under Windows NT
S 4.49 Safeguarding the boot-up procedure for a Windows NT system
S 4.50 Structured system administration under Windows NT
S 4.51 User profiles to restrict the usage possibilities of Windows NT
S 4.52 Protection of devices under Windows NT
S 4.53 Restrictive allocation of access rights to files and directories under Windows NT
S 4.54 Logging under Windows NT
S 4.55 Secure installation of Windows NT
S 4.56 Secure deletion under Windows NT and Windows 95
S 4.57 Deactivating automatic CD-ROM recognition
S 4.58 Sharing of directories under Windows 95
S 4.59 Deactivation of ISDN board functions which are not required
S 4.60 Deactivation of ISDN router functions which are not required
S 4.61 Use of security mechanisms offered by ISDN components
S 4.62 Use of a D-channel filter
S 4.63 Security-related requirements for telecommuting computers
S 4.64 Verification of data before transmission / elimination of residual information
S 4.65 Testing of new hardware and software
S 4.66 Novell Netware - safe transition to the year 2000
S 4.67 Locking and deleting database accounts which are no longer required
S 4.68 Ensuring consistent database management
S 4.69 Regular checks of database security
S 4.70 Monitoring a database
S 4.71 Restrictive utilisation of database links
S 4.72 Database encryption
S 4.73 Specifying upper limits
S 4.74 Networked Windows 95 computers
S 4.75 Protection of the registry under Windows NT
S 4.76 Secure system version of Windows NT
S 4.77 Protection of administrator accounts under Windows NT
S 4.78 Careful modifications of configurations
S 4.79 Secure access mechanisms for local administration
S 4.80 Secure access mechanisms for remote administration
S 4.81 Auditing and logging of activities in a network
S 4.82 Secure configuration of active network components
S 4.83 Updating / upgrading of software and hardware in network components
S 4.84 Use of BIOS security mechanisms
S 4.85 Design of suitable interfaces for crypto modules
S 4.86 Secure separation of roles and configuration with crypto modules
S 4.87 Physical security of crypto modules
S 4.88 Operating system security requirements when using crypto modules
S 4.89 Emission security
S 4.90 Use of cryptographic procedures on the various layers of the ISO/OSI reference model
S 4.91 Secure installation of a system management system
S 4.92 Secure operation of a system management system
S 4.93 Regular integrity checking
S 4.94 Protection of WWW files
S 4.95 Minimal operating system
S 4.96 Deactivating DNS
S 4.97 One service per server
S 4.98 Restricting communication to a minimum with packet filters
S 4.99 Protection against subsequent changes to information
S 4.100 Firewalls and active content
S 4.101 Firewalls and encryption
S 4.102 C2 security under Novell 4.11
S 4.103 DHCP server under Novell Netware 4.x
S 4.104 LDAP Services for NDS
S 4.105 Initial measures after a Unix standard installation
S 4.106 Activation of system logging
S 4.107 Use of vendor resources
S 4.108 Simplified and secure network management with DNS services under Novell NetWare 4.11
S 4.109 Software reinstallation on workstations
S 4.110 Secure installation of the RAS system
S 4.111 Secure configuration of the RAS system
S 4.112 Secure operation of the RAS system
S 4.113 Use of an authentication server within RAS access
S 4.114 Use of the security mechanisms provided on mobile phones
S 4.115 Safeguarding the power supply of mobile phones

© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update: October 2000