S 5.8 Regular security checks of the network
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Administrator
The network administrator should perform regular security checks (at least monthly) on the network. Programs providing the relevant functions are available for practically all operating systems, and are often even supplied with the operating system or its distribution.
The following points serve as examples of what should be included in a security check of this kind:
- Are there any users without a password?
- Are there any users who have not used the network for some time?
- Are there any users whose passwords do not meet the prescribed requirements?
- Which users have the same rights as the database administrator?
- Are system programs and system configuration unchanged and consistent?
- Do the authorisations for
  - system programs and system configuration,
  - application programs and application data, and
  - user directories and user data
- Which network services run on the individual systems? Are they configured in accordance with the requirements laid down in the security guidelines?
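The following script is an added example (not part of the BSI safeguard text or of any tool it refers to) showing how several of the points above can be turned into an automated, repeatable check that produces a dated report. It runs against constructed sample data embedded in the script: the shadow-style password lines, last-login dates, the uid 0 account list, the configuration baseline, the file-mode target state and the service lists are all assumptions made for illustration, as are the 90-day inactivity threshold and the fixed "today" date.

```python
"""Added example: a small network/host security check over constructed sample
data. Returns a dated report listing every deviation from the target state."""
import hashlib
import json
from datetime import date, timedelta

# --- constructed sample data (stand-ins for /etc/shadow, lastlog, etc.) ---
SHADOW_LINES = [
    "root:$6$salt$hash:19700:0:99999:7:::",
    "alice:$6$salt$hash:19700:0:99999:7:::",
    "guest::19700:0:99999:7:::",           # empty password field
    "svc-backup:!:19700:0:99999:7:::",     # locked account, not a finding
]
LAST_LOGIN = {"root": date(2024, 5, 1), "alice": date(2024, 5, 3),
              "guest": date(2023, 11, 2), "svc-backup": None}
UID_ZERO_ACCOUNTS = {"root", "alice"}     # accounts with administrator rights
BASELINE_HASHES = {                        # recorded when the target state was set
    "/etc/ssh/sshd_config": hashlib.sha256(b"PermitRootLogin no\n").hexdigest()}
CURRENT_FILES = {"/etc/ssh/sshd_config": b"PermitRootLogin yes\n"}
TARGET_MODES = {"/etc/shadow": 0o640, "/home/alice": 0o750}
CURRENT_MODES = {"/etc/shadow": 0o644, "/home/alice": 0o750}
ALLOWED_SERVICES = {"ssh", "ntp"}
LISTENING_SERVICES = {"ssh", "ntp", "telnet"}

INACTIVE_DAYS = 90                         # assumed policy threshold
TODAY = date(2024, 5, 6)                   # fixed so the example is reproducible


def users_without_password(shadow_lines):
    """Accounts whose password field is empty; locked ('!' / '*') ones are fine."""
    return [line.split(":")[1 - 1] for line in shadow_lines
            if line.split(":")[1] == ""]


def inactive_users(last_login, today=TODAY, limit=INACTIVE_DAYS):
    """Accounts with no login within `limit` days (or no login at all)."""
    cutoff = today - timedelta(days=limit)
    return sorted(u for u, d in last_login.items() if d is None or d < cutoff)


def admin_equivalent_users(uid_zero_accounts, expected=frozenset({"root"})):
    """Accounts with administrator rights beyond the documented ones."""
    return sorted(uid_zero_accounts - expected)


def changed_files(baseline, current):
    """Files whose current hash differs from the recorded baseline."""
    return sorted(path for path, digest in baseline.items()
                  if hashlib.sha256(current.get(path, b"")).hexdigest() != digest)


def wrong_permissions(target, current):
    """Paths whose mode differs from the prescribed target state."""
    return sorted(f"{p}: {oct(current.get(p, 0))} (target {oct(m)})"
                  for p, m in target.items() if current.get(p) != m)


def unexpected_services(allowed, listening):
    """Listening services not permitted by the security guidelines."""
    return sorted(listening - allowed)


def run_security_check(today=TODAY):
    """Run every check and return a dated, JSON-serialisable report."""
    findings = {
        "users_without_password": users_without_password(SHADOW_LINES),
        "inactive_users": inactive_users(LAST_LOGIN, today),
        "admin_equivalent_users": admin_equivalent_users(UID_ZERO_ACCOUNTS),
        "changed_files": changed_files(BASELINE_HASHES, CURRENT_FILES),
        "wrong_permissions": wrong_permissions(TARGET_MODES, CURRENT_MODES),
        "unexpected_services": unexpected_services(ALLOWED_SERVICES, LISTENING_SERVICES),
    }
    return {"date": today.isoformat(),
            "deviations": sum(len(v) for v in findings.values()),
            "findings": findings}


if __name__ == "__main__":
    # The printed report is what gets filed as the record of this check.
    print(json.dumps(run_security_check(), indent=2))
```

Each function returns only the deviations, so a clean run yields an empty list per check and a `deviations` count of zero; anything else is an instance of non-conformity to be investigated. Keeping the report dated and machine-readable is what later lets an administrator compare successive runs when a system comes under suspicion.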
Penetration tests can also be integrated in a regular security check in the local sub-network. The "degree" of the penetration tests can be varied (e.g. simple automated checks on a weekly basis, a more in-depth test once a month including some manual checks, and a fundamental test of the entire network once a year).
Various programs with the relevant functions for Unix systems are covered in S 4.26 Regular security checks of Unix systems.
When performing security checks, the network administrator should document the steps taken such that they can be retraced (e.g. if the system is under suspicion of being compromised). The results of the security check must be documented and instances of non-conformity with the "target state" must be investigated.
Review questions:
- Are regular security checks (at least monthly) of the network performed?
- Are all important points included in the security checks?
- Are the date and time as well as the results of the security checks documented?
- Are instances of non-conformity with the target state revealed by security checks investigated and are additional safeguards implemented?