S 4.16 Restriction on access to user IDs and/or terminals
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Administrator
If stationary IT systems located in rooms that cannot be accessed outside specified working hours are used at night or during the weekend, this may indicate unauthorised use. To avoid this, blocking these IT systems and/or the corresponding user IDs outside official working hours or periods of use should be considered. If this involves an unreasonable amount of time and effort (for instance in case of very irregular or frequently changing working hours), blocking should be effected at least during the standard non-working or non-use periods.
If staff members work only on particular IT systems within the LAN, they should only be able to log in to those IT systems, i.e. each user ID is restricted to the IT systems its owner actually needs (for example by an access list on each system that admits only the intended accounts).
For terminals under Unix, the user who is logged in must be entered as the owner of the terminal's device file (e.g. /dev/tty1 or /dev/pts/0); when this user logs out, ownership should automatically revert to root. Only the logged-in user should have read access to the device file, since anyone else with read access could read the keystrokes typed on that terminal. If a user wishes to receive messages from other system users (e.g. via talk or write), those users must be granted write access to the device file (typically enabled with mesg y). Whether this is really necessary must be checked; otherwise the terminal should stay writable by its owner alone (mesg n).
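The following POSIX shell script, an added example and not part of the original safeguard, checks a terminal device file against the rules above: the owner must be the logged-in user, group and other must have no read access, other must have no write access, and group write access is acceptable only if the user wants to receive messages. The mode strings in the comments are constructed sample values; the live check uses tty(1), ls(1) and mesg(1) as found on Linux and the BSDs.

```shell
#!/bin/sh
# Audit a terminal device file against the ownership/permission rules for
# Unix terminals.
#
# check_tty_mode MODE OWNER EXPECTED_USER ALLOW_MESSAGES
#   MODE           10-character mode string as printed by "ls -l", e.g. crw--w----
#   OWNER          owner as printed by "ls -l"
#   EXPECTED_USER  the user logged in on that terminal
#   ALLOW_MESSAGES "yes" if the user wants talk/write messages, "no" otherwise
# Prints one line per deviation; returns 0 if acceptable, 1 otherwise.
check_tty_mode() {
    mode=$1; owner=$2; expected=$3; allow_msg=$4
    rc=0
    if [ "$owner" != "$expected" ]; then
        echo "owner is '$owner', expected '$expected'"
        rc=1
    fi
    # characters 5-7 are the group bits, 8-10 the other bits
    group=$(printf '%s' "$mode" | cut -c5-7)
    other=$(printf '%s' "$mode" | cut -c8-10)
    # nobody but the owner may read the terminal (keystroke snooping)
    case "$group$other" in
        *r*) echo "group/other have read access ($mode)"; rc=1 ;;
    esac
    # "other" must never be able to write to the terminal
    case "$other" in
        *w*) echo "other has write access ($mode)"; rc=1 ;;
    esac
    # group write (mesg y on systems with a tty group) only if messages are wanted
    case "$group" in
        *w*) if [ "$allow_msg" != "yes" ]; then
                 echo "group write access (mesg y) although messages are not wanted ($mode)"
                 rc=1
             fi ;;
    esac
    return $rc
}

# Live check of the terminal this script runs on. Does nothing when there is
# no controlling terminal (cron, CI runner), so it is safe to call anywhere.
audit_current_tty() {
    dev=$(tty 2>/dev/null) || return 0
    mode=$(ls -l "$dev" | cut -c1-10)
    owner=$(ls -l "$dev" | awk '{print $3}')
    # mesg(1) exits 0 when messages are allowed, 1 when they are not
    if mesg >/dev/null 2>&1; then want=yes; else want=no; fi
    check_tty_mode "$mode" "$owner" "$(id -un)" "$want"
}

# Constructed sample checks; the first two pass, the last three fail:
#   check_tty_mode crw--w---- alice alice yes   -> 0 (mesg y, wanted)
#   check_tty_mode crw------- alice alice no    -> 0 (mesg n)
#   check_tty_mode crw--w---- alice alice no    -> 1 (writable, not wanted)
#   check_tty_mode crw-rw-rw- alice alice yes   -> 1 (world readable/writable)
#   check_tty_mode crw------- root  alice no    -> 1 (ownership not transferred)
if [ "${1:-}" = "--live" ]; then
    audit_current_tty
fi
```

Run it as `sh tty-audit.sh --live` from an interactive session; a terminal that is still owned by root, or readable by others, is a finding to follow up under this safeguard.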
The number of simultaneous sessions under one account, whether from one or from several IT systems, can often be restricted (under Linux, for example, via the maxlogins limit of pam_limits). So that an attacker using a stolen user ID cannot log in unnoticed alongside the legitimate user, users should be prevented from holding more than one login session at a time; note that a per-host limit only counts sessions on that host, so a LAN-wide limit needs a central login service.
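The three restrictions above (time of use, which accounts may log in on a given system, and concurrent sessions) map onto three standard Linux-PAM modules. The script below, an added example that is not part of the original safeguard, stages the corresponding configuration fragments into a review directory and lints the time.conf syntax; nothing under /etc is modified. The user names alice and bob, the group staff and the working hours 07:00-19:00 are constructed sample values.

```shell
#!/bin/sh
# Stage PAM policy fragments for time-of-use, per-host account and
# concurrent-session restrictions. Copy them to /etc/security by hand after review.
set -e
stage=${STAGE_DIR:-$(mktemp -d)}

# 1. Time-of-use restriction (pam_time). Line format: services;ttys;users;times
#    Wk = Monday-Friday, Wd = weekend, Al = every day. A matching rule whose
#    time range does not cover "now" denies the login, so weekends are blocked.
cat >"$stage/time.conf" <<'EOF'
login;*;!root;Wk0700-1900
sshd;*;!root;Wk0700-1900
EOF

# 2. Only the intended accounts may log in on this host (pam_access).
#    Line format: permission:users:origins. The last line denies everyone
#    else; root is kept for the local console so the system stays recoverable.
cat >"$stage/access.conf" <<'EOF'
+:root:LOCAL
+:alice bob:ALL
-:ALL:ALL
EOF

# 3. At most one concurrent session per member of group staff (pam_limits).
#    Line format: domain type item value. maxlogins counts utmp sessions on
#    this host only and does not apply to uid 0.
cat >"$stage/limits.conf" <<'EOF'
@staff hard maxlogins 1
EOF

# Stack entries that activate the fragments; add them to /etc/pam.d/login and
# /etc/pam.d/sshd (or the distribution's common-account/common-session files).
cat >"$stage/pam-lines" <<'EOF'
account  required  pam_time.so
account  required  pam_access.so
session  required  pam_limits.so
EOF

# Path of a staged file, for review or scripted checks.
staged_file() { printf '%s/%s\n' "$stage" "$1"; }

# Every non-comment line of time.conf needs exactly four ';'-separated fields;
# a malformed line makes pam_time deny logins, so lint before installing.
# (Backslash line continuations are not handled by this simple check.)
lint_time_conf() {
    awk -F';' '/^[[:space:]]*(#|$)/ {next} NF != 4 {bad=1} END {exit bad}' "$1"
}

lint_time_conf "$(staged_file time.conf)"
echo "staged fragments in $stage"
```

After copying the fragments into place, test from a second session before logging out of the first: a weekend or out-of-hours login, a login by an account not listed in access.conf, and a second concurrent session for a staff member must all be refused.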
Review questions:
- Have time frames, i.e. temporary access restrictions, been configured for all accounts and terminals?