S 5.46 Installing stand-alone-systems for Internet use

Initiation responsibility: Head of IT Section

Implementation responsibility: Administrators

To reduce the threat of attacks from the Internet on local data or a computer in a LAN, it is wise to install computers that are only networked with the Internet and do not possess any further network connection to a LAN.

Different operating systems offer various possibilities for the confidentiality and integrity of data on this computer as regards respective threats.

It is important to observe that no unnecessary programmes are installed when installing Internet-access software. Some products and operating systems offer the possibility of converting the computer into a complete Internet-server via the installation of server-programs. The installation of TCP/IP software allows a complete two-way connection, via which data can be sent into the Internet as well as collected from it.

Under Unix, for example, it must be observed that daemon processes do not get started. This normally happens when booting or with the help of inetd. The appropriate entries must be removed from the configuration files ( rc.* and inetd.conf). The software (PPP, SLIP) must be installed in such a way that a connection from the Internet cannot be established.