S 4.356 Secure installation of groupware systems

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

The aspects described in the following must be taken into consideration for the installation of a groupware system, because the course for the security of the system is already set during the installation phase.

Securing the operating systems used

The components of a groupware system are installed as applications on IT systems such as servers and clients and executed in the form of processes. Therefore, the security of the operating system used in each case is also important for the security of the groupware system. The modules of the IT-Grundschutz Catalogues relevant to the IT systems used must therefore be included and implemented in the modelling process.

A groupware system potentially consists of numerous components of all different kinds. Unused components of all types pose security risks, though, since they are often forgotten and their default configurations left unmodified. Therefore, unused components must be excluded from the installation or disabled later as far as possible.

During installation, it is already necessary to enter important authentication data. For example, this includes passwords for service users used by the groupware system components for authentication with internal communication connections.

It must be ensured that secure passwords are selected in so doing (see also S 2.11 Provisions governing the use of passwords). The passwords should be selected based on the internal password policies. A new password should be entered even if the installation routine assigns a default password.

Within the framework of the risk analysis for the groupware system, it must be remembered that the administrator who installs the groupware system and defines the passwords is capable of undermining the security mechanisms of the groupware system. The technical users the administrator specifies passwords for generally possess high privileges. For this reason, the passwords must be changed after installation by trustworthy administrators. This should be enforced technically. For administrator accesses where no separation of roles is possible, consideration should be given to dividing the password so that the password is entered using the two-man rule, with one of two administrators entering half of the password in each case.

Normally, groupware systems are not installed directly from the supplied data media. Instead, a directory structure created locally or in the network is used to provide the respective IT systems with the data needed for the installation. It is recommended to not to store the data locally on the computer the respective groupware components will be installed on, but to store it on a separate installation computer in the LAN instead. In large government agencies and companies, this directory may be used to install additional groupware systems. If the systems are not installed in a separate and isolated network segment, the installation computer should be disconnected from the network as long as it is not needed. The function for sharing the server should be disabled as a minimum.

Access to the installation sources must be secured using the resources provided by the operating system in such a way that only authorised administrators are able to access them. Unauthorised users must not have any rights enabling access to the installation sources, especially write privileges, so that the data on the installation sources cannot be changed. If the installation sources are stored locally on the computers of the groupware system, these sources should be deleted upon completion of the installation.

Secure installation and configuration of the system landscape

The components required for operating the groupware system (e.g. the security gateways as well) must be installed and configured according to the planned system landscape.

Review questions:

© Federal Office for Information Security. All rights reserved.