S 6.52 Regular backup of configuration data of active network components
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Administrator
High requirements must be placed on the availability of central active network components, since a large number of users usually depend on the smooth operation of a local network. To allow operations to be resumed as quickly as possible following the occurrence of an error, all configuration data of the active network components must be backed up electronically (see also S 6.32 Regular data backup). In principle, such backups can be performed locally on the individual components or via the network using a network management tool. If the data is backed up electronically, the corresponding configuration can be restored more quickly and reliably, thus eliminating the need for time-consuming manual entries. The data can be restored either automatically, for example, by means of a central network management tool or manually by an administrator.
When backing up configuration data via the network, however, it must be noted that, in contrast to a local backup, it might be possible for potential attackers to read and thus obtain security-critical information on the configuration of the active network components, such as passwords, and consequently details on the overall network configuration. In general, the Trivial File Transfer Protocol (TFTP) or Remote CopyProtocol (RCP) is used; wherever possible, RCP with authentication should be used (see S 5.20 Use of the security mechanisms of rlogin, rsh, and rcp). TFTP, however, does not offer any mechanisms for protection against unauthorised access to configuration data (see also S 5.21 Secure use of the telnet, ftp, tftp and rexec), and so its use is not recommended.
For all backup methods, a test is required to ascertain whether the backup was performed properly and whether the configuration data can be restored. This applies in particular to backups performed via the network, because the occurrence of an error may result in a situation in which restoration via the network is no longer possible.
Review questions:
- Have the configuration data of the active network components been backed up at regular intervals?
- Are insecure protocols (e.g. lack of encryption for TFTP, FTP) avoided when backing up data?
- Is the restorability of the configuration data of the active network components from the backup checked?