S 3.201 General client
Description
The subject covered here is an IT system with any operating system which allows the separation of users (it should be possible to set up at least one administrator and one user environment). Typically an IT system of this type is networked and operated as a client in a client-server network.
The IT system can be run on any platform; it may consist of a PC with or without a hard disk, or it may equally be a Unix workstation or an Apple Macintosh. The IT system may have drives for diskettes, CD-ROMs, DVDs or other drives for removable data media and other peripheral devices. If the client has further interfaces for data exchange, such as USB, Bluetooth, WLAN, these need to be protected in line with the organisation's security policies, as set out in the relevant modules.
This module gives a general overview of threats and IT safeguards which apply to all clients irrespective of the platform and operating system used. The additional modules in the IT-Grundschutz Catalogues are of further relevance depending on the operating system used.
Threat scenario
The following typical threats to the IT-Grundschutz of general clients are assumed to exist:
Organisational Shortcomings
| T 2.1 | Lack of, or insufficient, rules |
| T 2.7 | Unauthorised use of rights |
| T 2.24 | Loss of confidentiality of sensitive data of the network to be protected |
| T 2.37 | Uncontrolled usage of communications lines |
| T 2.147 | Lack of centralisation with peer-to-peer |
Human Error
| T 3.3 | Non-compliance with IT security measures |
| T 3.6 | Hazards posed by cleaning staff or outside staff |
| T 3.8 | Improper use of the IT system |
| T 3.17 | Incorrect change of PC users |
Technical Failure
| T 4.10 | Complexity of access possibilities to networked IT systems |
| T 4.13 | Loss of stored data |
Deliberate Acts
| T 5.1 | Manipulation or destruction of equipment or accessories |
| T 5.2 | Manipulation of information or software |
| T 5.4 | Theft |
| T 5.7 | Line tapping |
| T 5.9 | Unauthorised use of IT systems |
| T 5.20 | Misuse of administrator rights |
| T 5.23 | Malicious software |
| T 5.40 | Monitoring rooms using computers equipped with microphones and cameras |
| T 5.71 | Loss of confidentiality of classified information |
| T 5.85 | Loss of integrity of information that should be protected |
Method recommendation
To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.
The following steps should be taken in respect of the IT security of clients in connection with the use of workstation computers:
Planning the use of clients
Advance stipulation of the framework conditions is required for the secure use of IT systems. Right from the outset, this involves incorporating the security requirements for the existing IT systems and the planned operating scenarios (see S 2.321 Planning the use of client-server networks). A security policy should be drawn up before purchasing the computers and software (see S 2.322 Defining a security policy for a client/server network).
General issues regarding the secure use of IT systems are covered in module S 1.9 Hardware and software management.
Purchasing
When purchasing clients, which typically involves making bulk purchases, criteria need to be formulated on the basis of the operating scenarios and used to select appropriate products (see S 1.10 Standard software). When purchasing stand-alone systems, it is also important for the system to be compatible with the existing structure in order to avoid unreasonably high input and outlay for integration and operation due to the specific features of a single system.
If hardware or software fails to meet the security requirements stipulated, further safeguards are required. These can be of an organisational nature (such as regulations stating that the client may only be operated behind closed office doors) or additional components may be purchased in order to compensate for the deficiencies identified.
Where demands on the availability of clients are particularly high, the use of an uninterruptible power supply (UPS) is recommended. This can be provided by way of "single-user UPS", for example, if the high demands apply to single clients only, or it could be a dedicated circuit with appropriate backup features ("red socket"). More information on this can be found in S 1.28 Local uninterruptible power supply.
Implementation
Careful selection of the operating system and software components, secure installation and careful configuration are important in order to eliminate risks to the IT systems caused by incorrect operation or deliberate misuse. The safeguards to be taken in this regard are largely dependent on the operating system used. It is therefore necessary to refer to the relevant modules for further details, such as S 3.204 Unix client or S 3.210 Client under Windows Vista.
- Secure installation
The foundations for security are laid when preparing for installation. Decisions need to be taken before installation specifying which components of the operating system and which application programs and tools are to be installed. The decisions taken need to be documented such that the configuration and software selected for the system can be reproduced, if necessary (see S 4.237 Secure basic configuration of IT systems).
The media used for installation should come from a secure source (direct from the manufacturer or distributor of the operating system or program, for example). If possible, the operating system should be installed without the system being connected to the network (offline installation). If, during installation, parts of the packets are to be loaded via the network, a separate network (test network) should be used for the installation which is separated from the rest of the network. We strongly advise against downloading packets via the Internet. Should it be necessary in exceptional cases for a system to be installed directly in the production network, then appropriate additional measures need to be taken to ensure that the system cannot be accessed from outside during installation.
In most cases some basic system configuration settings are undertaken during installation (settings differ depending on the operating system).
- Secure configuration
Installation is followed by the basic configuration of a client. At this stage the provisional configuration, which was set up while installing the installation program, is adapted to the actual conditions and requirements of the information system in which the client is to be used. Often further programs are installed at this stage or programs are removed from a standard configuration, the settings for access to the network are defined and the client is configured for access to directory services or similar services. In addition, user IDs which are not required are deleted or disabled, and the user IDs for the actual users are created.
At this stage the required application programs are installed and configured. When installing and configuring the application programs, it is important to observe the same security aspects as for the installation of the operating system itself.
If a relatively large number of similarly configured clients is to be installed and configured, it is appropriate to not run through the process individually for each client but to create a "generic" installation which is subsequently devolved to each individual client and which requires only minimal changes before being ready for operation. A generic configuration of this type can substantially increase efficiency and help reduce the risk of errors. However, particular care is needed when creating the reference installation. The settings must be documented in such a way that they are easily comprehensible.
One important principle when configuring clients is that normal errors made by operators should not cause serious damage to the system and to data of other users, and that users should not be allowed to access information which is not intended for them simply out of curiosity. More on this can be found in S 4.237 Secure basic configuration of IT systems.
Once the client has been configured the computer can be consigned to the users. Users with insufficient knowledge of the operating system, individual application programs or tools, must be trained in using them beforehand. General points on this issue are contained in module S 1.13 Information security awareness and training.
Operation
One of the most important safeguards when operating modern-day client systems is to keep the systems up-to-date at all times by installation and permanent updating of a virus scanner (see also S 1.6 Computer virus protection concept). Regular data backup (see also S 1.4 Data backup policy) is another basic prerequisite for preventing serious data loss through hardware defects, program malfunctions or user errors.
Monitoring of the system is one means of detecting attacks or misuse. Relevant safeguards in this regard can be found in S 4.93 Regular integrity checking and S 5.8 Regular security checks of the network, and also in module S 1.9 Hardware and software management.
With clients it is equally important for administration to run along secure channels and for the work of the administrators to be comprehensible. The relevant aspects are covered in S 4.234 Orderly withdrawal from operation of IT systems and data media.
Disposal
When disposing of a client the first essential step is to ensure that all the user data have been backed up or transferred to a backup system. Steps must then be taken to ensure that no sensitive data are left on the computer's hard disks. It is not enough just to reformat the hard disks in this case, and the disks need to be completely overwritten at least once instead. It should be borne in mind that data is not effectively removed from the hard disk either through purely logical deletion or by reformatting the disks using the relevant functions of the operating system installed. Data which has been deleted in this way can be reconstructed with certain software, often at no great effort or cost. Information on secure deletion can be found in S 2.13 Correct disposal of resources requiring protection and in S 2.309 Security policies and rules for the use of mobile IT. After disposing of a client it is necessary to update inventories and network plans.
Contingency Planning
The degree of contingency planning required for a general client is heavily dependent on the individual operating scenario. In terms of contingency planning for a client it will often suffice to carry out regular data backup (see S 6.32 Regular data backup) and to create a bootable data medium for emergencies (see S 6.24 Creating an emergency boot medium). For clients with high availability demands it can make sense to undertake further safeguards, such as providing an exchange system.
Depending on the operating system in use, this module might need to be supplemented with additional safeguards. These can be found in the relevant modules.
The following safeguards are to be implemented for general clients:
Planning and design
| S 2.23 | (Z) | Issue of PC Use Guidelines |
| S 2.321 | (A) | Planning the use of client-server networks |
| S 2.322 | (A) | Defining a security policy for a client/server network |
| S 4.41 | (Z) | Use of a appropriate security products for IT systems |
| S 5.152 | (C) | Exchange of information and resources using peer-to-peer services. |
Implementation
| S 4.40 | (C) | Preventing unauthorised use of computer microphones and cameras |
| S 4.237 | (A) | Secure basic configuration of IT systems |
Operation
| S 3.18 | (A) | Log-out obligation for PC users |
| S 4.2 | (A) | Screen lock |
| S 4.3 | (A) | Use of virus protection programs |
| S 4.4 | (C) | Correct handling of drives for removable media and external data storage |
| S 4.200 | (Z) | Handling of USB storage media |
| S 4.238 | (A) | Use of local packet filters |
| S 4.241 | (A) | Secure operation of clients |
| S 4.242 | (Z) | Setting up a reference installation for clients |
| S 5.45 | (B) | Secure use of browsers |
Disposal
| S 2.323 | (A) | Orderly withdrawal from operation of clients |
Contingency Planning
| S 6.24 | (A) | Creating an emergency boot medium |
| S 6.32 | (A) | Regular data backup |