S 4.91 Secure installation of a system management system

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator

The installation of a system management system calls for extensive and careful planning. After system analysis has been performed (see S 2.168 IT system analysis before the introduction of a system management system), the management strategy has been laid down (see S 2.169 Developing a system management strategy) and an appropriate management system has been selected (see S 2.171 Selection of a suitable system management product), the installation of the product must be planned in detail and implemented accordingly. Depending on the architecture on which the management product is based, the actual management system configuration for the local network must be created, taking into account the stated management strategy in particular.

To install most management systems, management software which assumes the responsibility for communication between management console or servers and the local computer has to be installed on the computers involved. It is often also necessary to install database systems, in which the management information is permanently stored by the management software, on the central computers (servers or gateways). Depending on the product, integration into an existing database system may also be possible. In general, additional software to be installed places requirements on the computer's local resources. During planning, attention must therefore be paid to what system resources are locally available. Under certain circumstances, individual systems must be upgraded. These costs should be taken into consideration when selecting the management product.

In addition to these criteria, which are essentially intended to guarantee regulated technical system operations, the software associated with the management system and the corresponding data must be included in the determination of protection requirements in accordance with IT-Grundschutz (see BSI Standard 100-2 IT-Grundschutz Methodology) and the protection requirements must be classified as "high" to "very high" from a security perspective. Compromising the management system can not only cause the entire network to fail, undetected changes to the system may also considerable damage which can very rapidly take on existence-threatening forms.

Particular attention should be paid to the following aspects for installation:

• All computers on which management information is stored must be given special protection:
  • Safeguards of the modules form Layer 3 must be performed depending on the respective system.
  • The operating system mechanisms in particular must be configured in such a way that unauthorised access to locally stored management information is prevented.
  • Access to the management software must be granted only to authorised administrators and auditors.
  • Access to the computers should be restricted.
• Communication between the management components should be encrypted, provided that this is supported by the product, in order to prevent unauthorised users from eavesdropping and gathering management information. If the product does not support encryption, special measures must be taken to safeguard communications (see S 5.68 Use of encryption procedures for network communications).

Review questions:

• Is the locally stored management information protected against unauthorised access?
• Are only authorised administrators and auditors granted access to the management software?
• Is access to the computer with management software restricted?
• Are communications between the management components encrypted or protected adequately by other safeguards?