IT Baseline Protection Manual - Chapter 6.2 Unix network
6.2 Unix network
Description
Networked Unix systems consist of computers running
the Unix operating system and offering services (as
servers) for other IT systems within a network, or making
use of such services themselves (as clients).
The threats and safeguards described in this chapter are
specific to Unix networks. Additional threats and
safeguards applying to server-supported networks can be
found in chapter 6.1.
Threat Scenario
The following typical threats (T) are assumed as regards IT baseline protection of a UNIX server:
Organisational Shortcomings:
T 2.15 Loss of confidentiality of sensitive data in the UNIX system
T 2.23 Security flaws involved in integrating DOS PCs into a server-based network
To implement IT baseline protection, selection of the required packages of safeguards ("modules"), as described in Sections 2.3 and 2.4, is recommended.
In the following, the safeguard package for "UNIX servers" is set out.
Some measures refer to the configuration of the various servers; other measures will have to be implemented by servers and clients in order to become effective. For any clients connected, the safeguards outlined in chapter 5 must be implemented.
It is advisable to install the server in a separate server room. The appropriate measures are described in Chapter 4.3.2. If no server room is available, a server cabinet should be used (cf. Chapter 4.4).
In addition, the following measures will have to be taken:
Infrastructure:
S 1.28 (1) Local Uninterruptible Power Supply (UPS)
Organisation:
S 2.33 (2) Division of Administrator roles under UNIX