S 2.321 Planning the use of client-server networks
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Head of IT, Administrator
Appropriate advance planning is a basic prerequisite for operating clients securely.
Planning the use of clients can take place in several steps according to the top-down principle: based on a rough concept for the entire system, detailed plans for sub-components are drawn up in specific sub-concepts. Planning addresses not only aspects associated with security in the classical sense, but also normal operational aspects that entail requirements in the area of security.
The rough concept should, for example, deal with the following typical questions:
- Which tasks should the client fulfil? Which services must the clients be able to access? Are there special demands on the availability of the systems or the confidentiality or integrity of the stored or processed data?
- Should certain hardware components be used in the system? This can be important for the selection of the operating system, for example.
- Which hardware requirements (CPU, main memory, hard drive capacities, network capacity etc.) result from the general requirements?
- Is the network in which clients are to be used a homogeneous or heterogeneous computer network?
- Do the clients serve as replacements for existing systems? Should databases or hardware components be taken over from the old systems?
- Should additional operating systems be installed on the computers using Multiboot?
It is advisable to draw up one or more generic requirements profiles (e.g. "general office PC", "development computer" or "administration client") that can serve as a basis for concrete planning.
The following subconcepts should be taken into account when planning:
- Authentication and user administration: Which types of user administration and user authentication should be used? Are users only administered locally or is a central administration system to be used? Should the system access a central, network-based authentication service, or is only local authentication required? You can find more information on this issue in S 4.133 Appropriate choice of authentication mechanisms and S 4.250 Selection of a central, network-based authentication service.
- User and group concepts: Based on the organisation-wide user, rights, and roles concept, corresponding rules must be developed for the clients (see also S 2.31 Documentation of authorised users and rights profiles and S 2.30 Provisions governing the configuration of users and of user groups).
- Administration: How are the systems to be administered? Are all settings performed locally or are the clients integrated into central administration and configuration management?
- Partition and file system layout: During the planning phase, an initial estimate of the required disk space should be made. For easier administration and maintenance, it is advisable to separate the operating system (system programs and configuration), application programs and data (for example, database servers and their data), and possibly user data as far as possible. Different operating systems offer different mechanisms for this (partitioning into drives under Windows, file systems under Unix). It may often make sense to store certain data on a separate hard disk or even a separate disk system. For example, this makes it possible to retain the data on the other partitions without copying after the system has been newly installed or updated.
In the planning phase, the planned division of the partitions and their sizes should be documented.
If data with high protection requirements regarding availability is stored on the clients, it is urgently recommended to use encrypted file systems. It is not absolutely necessary to encrypt all file systems; it will often be sufficient to encrypt the part of the file system on which the data is stored. This is facilitated by planning the partition and file system layout accordingly.
In case of special requirements regarding the confidentiality of the data stored on the clients, it can become necessary to provide the systems with an encryption programme that encrypts the entire hard drive and performs user authentication (e.g. via a chip card) before the operating system is started ("pre-boot authentication").
- Network services and network connection: The network connection of the clients must be planned according to the security requirements of the data that must be accessed from the clients. Depending on the computers' defined operational purpose, access to additional services in the network may be required. This must already be taken into consideration during planning so that no problems are caused at a later point in time due to, for example, insufficient transmission capacities or intermediate security gateways.
- Monitoring: If there are special demands on the availability of the clients, a monitoring system can be used. To this end, a monitoring daemon is installed on a server, to which a locally installed agent sends the data to be monitored, e.g. system utilisation or remaining free memory space. In case of problems, an alert can be generated, for example.
- Logging: Logging also plays an important role with clients, e.g. when diagnosing and eliminating malfunctions or detecting and tracing attacks. In the planning phase, it should be decided which information is to be logged at a minimum and how long the logged data will be stored. In addition, it must be specified whether the logged data will be stored locally on the systems or on a central log server in the network. It also makes sense to define during the planning phase how and when the data is to be evaluated.
- High availability: If there are special demands on the availability of the clients, how these demands can be met should already be considered during the planning phase.
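As an added example that is not part of the BSI safeguard, the following Python script checks a constructed partition plan against the rules of the partition and file system layout item above (separate system, application and data partitions; every partition's size documented; the partition holding data with high protection requirements encrypted). The record format and the role names are assumptions made for this example.

```python
"""Checks a planned client partition layout against the layout rules above:
system, application and data areas on separate partitions, every partition's
size documented, and the partition holding data with high protection
requirements encrypted. The layout record format is constructed for this example."""

# Constructed planning record (not a BSI artefact): one dict per planned partition.
PLANNED_LAYOUT = [
    {"mount": "/", "role": "system", "size_gb": 40, "encrypted": False, "protection": "normal"},
    {"mount": "/opt", "role": "apps", "size_gb": 30, "encrypted": False, "protection": "normal"},
    {"mount": "/srv/db", "role": "data", "size_gb": 200, "encrypted": True, "protection": "high"},
    {"mount": "/home", "role": "userdata", "size_gb": 120, "encrypted": False, "protection": "normal"},
]

# Roles that the safeguard recommends keeping apart; user data is optional.
REQUIRED_ROLES = ("system", "apps", "data")


def check_layout(layout):
    """Return a list of findings; an empty list means the plan follows the rules."""
    findings = []
    roles_per_mount = {}
    for part in layout:
        # Every planned partition needs a documented mount point and size.
        if not part.get("mount") or part.get("size_gb", 0) <= 0:
            findings.append(f"{part.get('mount') or '?'}: mount point or size not documented")
            continue
        roles_per_mount.setdefault(part["mount"], []).append(part["role"])
        # Data with a high protection requirement must sit on an encrypted partition.
        if part.get("protection") == "high" and not part.get("encrypted"):
            findings.append(f"{part['mount']}: high protection requirement but not encrypted")
    # Separation rule: two roles sharing one mount point defeats the purpose.
    for mount, roles in roles_per_mount.items():
        if len(roles) > 1:
            findings.append(f"{mount}: roles {sorted(roles)} share one partition")
    present = {part.get("role") for part in layout}
    for role in REQUIRED_ROLES:
        if role not in present:
            findings.append(f"no separate partition planned for role '{role}'")
    return findings


def survives_reinstall(layout):
    """Mount points that can be kept without copying when the OS is reinstalled."""
    return sorted(p.get("mount", "?") for p in layout if p.get("role") not in ("system", "apps"))


if __name__ == "__main__":
    for line in check_layout(PLANNED_LAYOUT) or ["layout follows the safeguard"]:
        print(line)
    print("kept on reinstall:", survives_reinstall(PLANNED_LAYOUT))
```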
All decisions made in the planning phase must be documented so that they can be understood at a later point in time. In doing so, it must be observed that usually this information will need to be evaluated by other persons in addition to the author. Therefore, the information must be appropriately organised and easy to understand.
Review questions:
- Do a rough concept and/or the necessary subconcepts for planning the use of client-server networks exist?
- Have the tasks of the clients and, based on this, the required services been defined?
- Have different requirements profiles been created for each client type?
- Is the use of special hardware taken into account when selecting the operating system?
- Are there specifications regarding authentication and user administration?
- Are there specifications regarding the network services used and the network connection that take the requirements of the use profiles into account?
- Are requirements regarding monitoring and logging defined in the concepts that correspond to the requirements and protection objectives?
- Are the concepts for use regularly adapted to the current requirements?