S 2.146 Secure operation of a network management system

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

For the secure and reliable operation of a network management tool or a complex network management system, which can consist of several different network management tools, it is necessary to examine and ensure that all components involved are configured securely. These components include the operating systems on which the network management system or systems are operated, the external databases usually required by a network management system, the protocol used (see S 2.144 Selection of a suitable network management protocol) and the active network components themselves. Before putting a network management system into operation, it is necessary to determine the operating requirements and create a network management concept (see S 2.143 Development of a network management concept).

The following points in particular must be kept in mind:

• To prevent the network management information from being read or changed, the computer on which the network management console is operated must be suitably protected. Here, measures include, for example, installation in a specially protected room, the use of screen locks, password protection for the network management console, and additional security mechanisms available in the underlying operating system.
• Safeguard S 2.144 Selection of a suitable network management protocol must be taken into account as it is relevant to ensure secure operation. -In particular, it is necessary to specify suitable configurations for the active network components according to the protocol used, in order to prevent the MIBs and other information from being read by unauthorised persons (see S 4.80 Secure access mechanisms for remote administration and S 4.82 Secure configuration of active network components).
• If network management functions are executed locally by using a client/server model or by using the X-Windows technology, then their secure operation must also be guaranteed.
• Integrity tests must be performed on the software used at regular intervals to enable early detection of unauthorised changes.
• The response of the network management system to a system crash must be tested. In particular, the system should offer an automatic restart option in order to keep the time in which the local network is not being monitored to a minimum. The network management database must not be damaged by a system crash and must be available after restarting since the configuration data it contains is essential for the operation of the network management system. For these reasons, this data must be specially protected so that, on the one hand, they are still available, and on the other hand, so that no old or corrupt configuration data is used during a restart (which may have been triggered by an attacker for exactly this purpose). It may also be necessary under some circumstances to take module S 5.7 Databases into account to protect the database used.
• When restoring data backups, it must be ensured that the files relevant to the secure operation of the network management system, i.e. the configuration data files, password files, and even the meta-configuration files for the actual network components, are all up-to-date.
  The following information is relevant to the secure operation of a network management system:
  • Configuration data of the network management system; these data must be stored in adequately protected directories.
  • Configuration data of the network components (meta-configuration files); these data must also be stored in adequately protected directories.
  • Password files for the network management system. In this respect, it is necessary to ensure the password quality and the possibility of storing passwords in encrypted form (see S 2.11 Provisions governing the use of passwords).
• Administration of the active network components via the network should be restricted, and administration should be performed over the local interfaces instead if it is not possible to guarantee that the confidentiality and integrity requirements of the network management information will be met. Centralised network management should not be used in this case.

Review questions:

• Is the computer on which the network management console is operated adequately protected?
• Do the configurations of the active network components prevent MIBs and other information from being read by unauthorised persons?
• When using functions in accordance with the client/server model or when using X-Windows technology, is secure operation guaranteed?
• Are integrity tests of the software used carried out at regular intervals?
• Is it ensured that the network management system can be restarted automatically following a system crash and that the correct configuration data is used?
• When restoring data backups, is it ensured that relevant files such as configuration data files, password files and meta-configuration files for the network components are all up-to-date?
• Are the configuration data of the network management system and those of the network components protected against unauthorised access?
• Is access to the network management system adequately protected?
• Is the administration of the active network components performed in such a manner that meeting the confidentiality and integrity requirements of the network management information can be ensured?