S 5.92 Secure connection to the Internet of Internet PCs

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator, Head of IT

In order to properly operate an Internet PC, secure connection to the Internet is particularly important due to the specific application scenario. Therefore, the Internet connection should be planned carefully. In doing so, the following sub-aspects should be taken into consideration.

Selection of a suitable Internet service provider (ISP)

An ISP is used to establish the connection to the Internet, providing the technology and services required for using the Internet. The providers available in the market differ regarding scope, quality, and price of the services. The selection of a suitable ISP must be made based on the requirements regarding the Internet connection:

• Does the ISP offer the required connection technology, i.e. modem, ISDN, DSL, etc.?

• Does the ISP meet the requirements for minimum and/or average bandwidth and availability of the Internet access? For this, test reports in specialist magazines should also be used.
• Does the ISP offer the required additional services, e.g. for email or news, or should another service provider be used for this?

• Does the ISP provide the required security mechanisms for the offered services? Are proxy servers provided for WWW and FTP, for example, and may email also be retrieved protected by SSL?
• Does the ISP provide information about the handling of personal data or information about the government agency and/or company? Does this information meet the organisation's own requirements for data protection?
• ISPs offer different price models for Internet connection. For example, a differentiation between lump-sum, time-dependent, and volume-dependent fees must be made. Is the price model suitable for the purpose of the Internet PC?

• The requirements for the availability of the Internet connection should be used to check whether it is necessary to conclude contracts with two or even more providers for reasons of redundancy.

Further recommendations regarding the appropriate selection of an Internet service provider can be found in safeguard S 2.176 Selection of a suitable Internet service provider.

Procurement of suitable network components for Internet access

Depending on whether the Internet connection is designed to supply only a single Internet PC or an entire pool of such Internet PCs, there are different requirements regarding the hardware components required for this. The following aspects should be considered for procurement:

• If an individual Internet PC is to be connected to the Internet, a modem or an ISDN card is used in many cases. Compatibility issues between these devices and the dial-in server with the ISP rarely occur anymore. Modems and ISDN cards are very reasonably priced and can be replaced quickly in the event of technical defects. If there are increased requirements regarding availability, backup devices should be available.

• If an Internet PC pool is to be supplied or if high bandwidths are required for other reasons, specific routers, e.g. DSL routers, are often used for Internet connection. If the devices are not provided by the ISP, precise consultation is required in order to avoid compatibility problems. In the event of increased availability requirements, it should be checked whether the ISP offers corresponding services, for example router replacement during a certain period of time, storage of a backup device, etc.

Secure configuration and operation of the Internet connection

The following recommendations should be taken into consideration for secure and proper operation of the Internet connection:

• All configuration settings for the Internet connection should be documented so that they can be restored quickly and deviations can be detected in the event of a loss of data.

• For accesses using the protocols HTTP and FTP, so-called proxy servers should be used as far as possible. These proxy servers direct queries of clients to the desired HTTP and/or FTP server as "substitutes". Amongst other things, this results in the advantage of being able to configure more restrictive rules on any packet filters used. ISPs normally operate corresponding proxy servers.

• Servers with the ISP or on the Internet which are used more often, e.g. email servers, proxy servers, etc., should always be contacted using their IP address. These IP addresses should be set fixedly in all corresponding components. This reduces the risk of so-called DNS spoofing attacks.
• If an Internet access with dynamic IP addresses is used, the connection should be disconnected from time to time so that the client is assigned a new IP address during the next dial-in procedure. This is particularly important for lump-sum fees (flat rate). Targeted attacks are made more difficult by such changes to the IP address.
• Preset passwords, e.g. for dialling in with the Internet service provider, must be changed. Recommendations regarding this can be found in S 2.11 Provisions governing the use of passwords.
• Access to the configuration files for the Internet connection should be restricted to the responsible administrators, if the operating system used allows this setting.
• If the communication software used or the modem, ISDN, or DSL devices used offer remote control functions, these must be disabled or protected well.
• If the Internet connection is established using a dial-in procedure, the numbers for dialling in with the ISP must be entered permanently.

• The modem and/or the ISDN component should interrupt the connection once the user logs out and/or terminates the Internet application.
• If it is possible to select between the PAP and the CHAP procedure regarding the authentication when dialling in with the Internet service provider, CHAP should be used preferably. This way, the authentication data is not transmitted in clear text (see also S 5.50 Authentication via PAP/CHAP).
• All functions that are not required, e.g. enabling the communication link from the outside, must be disabled. Incoming calls must not be answered.
• The destination addresses used and the set parameters should be checked occasionally (see also S 5.29 Periodic checks of destination addresses and logs).

Review questions:

• Does the Internet service provider meet the availability requirements regarding the Internet access?
• Does the ISP provide the required security mechanisms for the offered services?
• Does the information provided by the ISP regarding the handling of personal data meet the data protection requirements of the organisation?
• Has the procurement of suitable network components for Internet connection been coordinated with the requirements of the organisation?
• Have the configuration settings for the Internet connection been documented?
• Has the access to the configuration files for the Internet connection been restricted to the responsible administrators?
• Are the remote control functions of the communication hardware and software used disabled or protected against unauthorised accesses?
• For dial-in Internet connections: Are the numbers of the ISP entered permanently?
• Has it been ensured that authentication data of Internet PCs is not transmitted in clear text?
• Have the functions and services of Internet PCs not required for the Internet connection been switched off and/or disabled?