IT Baseline Protection Manual S 4.18 Administrative and technical means to control access to the system-monitor and single-user mode
S 4.18 Administrative and technical means to control access to the system-monitor and single-user mode
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrators
In order to prevent activation of the monitor mode and booting to the single-user mode, the following measures should be taken:
- Where possible (depending on the Unix variant and the respective hardware), a BIOS password must be assigned in order to protect the Unix server.
- When booting to the single-user mode, a superuser password query should be made in order to impede access by unauthorised persons to the Unix server.
- Where keyboard locks are available, they should be used for protection of the system console in order to prevent access to the monitor mode.
This measure is complemented by the following:
- S 1.32 Adequate siting of the console, devices with exchangeable data media, and printers
- S 4.21 Preventing unauthorised acquisition of administrator rights
Additional controls:
- Is access to the console protected by passwords or other means?
© Copyright
by
Bundesamt für Sicherheit in der Informationstechnik |
July 1999 |
|