S 4.18 Administrative and technical means to control access to the system-monitor and single-user mode

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator

In order to prevent activation of the monitor mode and booting in the single-user mode, the following safeguards should be implemented:

If it is possible (depending on the Unix variant and the underlying hardware platform), a BIOS password should be assigned to protect the Unix server.

When booting to the single-user mode, the super user password should be queried to make it more difficult for unauthorised users to gain access to the Unix server.

If keyboard locks are available, they should be used to protect the system console by preventing access to the monitor mode.

This safeguard is supplemented by safeguard S 4.21 Preventing unauthorised acquisition of administrator rights.

Review questions:

Has the access to the monitor and single-user modes been protected appropriately?
Is the super user password queried when booting to the single-user mode?

© Federal Office for Information Security. All rights reserved.