S 4.24 Ensuring consistent system management

Initiation responsibility: Administrator, Head of IT, IT Security Officer

Implementation responsibility: Administrator

In many complex IT systems, e.g. under Unix or in a network, there is an administrator role which is not subject to any restrictions. Under Unix, this is the superuser root; in a Novell network, it is the SUPERVISOR or admin. This lack of restrictions results in a particularly high risk of error or abuse.

In order to avoid errors, operations should be carried out under the superuser log-in only when this is necessary; even the administrator should not carry out other work under the administrator ID. In particular, no programs belonging to other users may be invoked under the administrator ID. Also, routine system management (e.g. backup, configuration of a new user) should be possible only with menu control.

Division of tasks, regulations, and co-ordination are required to ensure that administrators do not perform any inconsistent or incomplete operations. For instance, a file must not be edited and changed by several administrators at the same time, as, in that case, only the version saved last would be preserved.

If there is a risk of the lines between the console and terminals being tapped, only the administrator may work on the console in order to prevent interception of passwords. During the administration of Unix systems, encrypted communication can take place with the Secure Shell protocol. This allows for secure administration from remote workstations (see also S 5.64 Secure Shell).

For all administrators, additional user IDs must be configured which will have only those restricted rights which the administrators need for performing tasks other than administration. For non-administrative activities, administrators should exclusively use these additional user IDs.

All changes made should be documented in order to make them traceable and to make division of tasks easier (see also S 2.34 Documentation on changes made to an existing IT system). For subsequent review of the administrator activities, the Unix command "script" can be used to prepare a log of the commands entered. This command logs the entire terminal session in an ASCII file. If required, such a file can be added to an electronic or printed administration journal.
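
The following added example is not part of the safeguard text. It shows one way to keep two administrators from editing the same file at the same time and to record each change in a journal file; the function names, the ".lock" directory convention and the JOURNAL path are assumptions.

```shell
#!/bin/sh
# Added example: exclusive editing of a shared file plus a change journal.
# JOURNAL and all function names are assumptions, not part of any standard tool.
JOURNAL="${JOURNAL:-/var/log/admin-journal.log}"

# Take an exclusive lock on file $1. mkdir is atomic, so exactly one caller wins.
lock_acquire() {
    mkdir "$1.lock" 2>/dev/null || return 1
    printf '%s pid=%s\n' "${LOGNAME:-unknown}" "$$" > "$1.lock/owner"
}

# Print who holds the lock on $1 (empty if nobody does).
lock_owner() { cat "$1.lock/owner" 2>/dev/null; }

# Drop the lock on $1. A lock left behind by a crashed session has to be
# removed by hand after checking the owner file.
lock_release() { rm -f "$1.lock/owner"; rmdir "$1.lock" 2>/dev/null; }

# Checksum of the content of $1, used to detect whether an edit changed it.
file_sum() { cksum < "$1" | cut -d' ' -f1; }

# Edit $1 under the lock; append one journal line if the content changed.
admin_edit() {
    file=$1
    if ! lock_acquire "$file"; then
        echo "refusing to edit $file: locked by $(lock_owner "$file")" >&2
        return 1
    fi
    before=$(file_sum "$file")
    "${EDITOR:-vi}" "$file"
    rc=$?
    after=$(file_sum "$file")
    if [ "$before" != "$after" ]; then
        printf '%s %s changed %s cksum %s -> %s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "${LOGNAME:-unknown}" \
            "$file" "$before" "$after" >> "$JOURNAL"
    fi
    lock_release "$file"
    return "$rc"
}
```

The journal line records who changed which file and when; it complements a full session log rather than replacing it.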

Review questions: