Appendix B: Industry Recommendations for Information System Configuration
Identification and Authorization
Unique UserID
Assign each user a unique user identification code (userID) for accountability and auditability.
Invalid ID/Password
Appear to perform the entire user authentication procedure even if the userID or password entered is invalid. Error feedback shall not indicate which part of the authentication information is incorrect.
Incorrect Login Attempts
Terminate the login session if the user fails to enter the userID and password correctly:
- After three (3) failed login attempts.
- After each failed login attempt, the system shall send an alarm message to the system console and/or to the administrator's terminal, and log the event in the audit trail.
User Account Data
Maintain, protect, and display status information for all active users and user accounts (enabled and disabled).
Passwords
Require authentication (i.e., passwords, tokens, biometrics) to log in. When passwords are used:
- Minimum password length: six characters
- Minimum password complexity: at least one alphabetic and at least one numeric (e.g., 5,7) or special (e.g., #,+) character.
- Maintain a list of excluded passwords (e.g., common names) that users may not choose.
- Do not indicate to the user whether the chosen password is already associated with another user.
- Store passwords only in a one-way (hashed) form.
- Do not transmit unencrypted passwords over the network.
- Limit access to the stored password hashes, if any are retained, to system administrators.
- Automatically suppress or fully blot out the clear-text representation of the password on the data entry/display device.
- Prohibit logins without passwords (i.e., null passwords).
- Permit only authorized administrators to set/reset temporary passwords (which users must change on first login).
- Require users to change their passwords at least every 180 days (if users are authorized).
- Require system administrators to change passwords at least every 30 days.
- Prohibit the reuse of passwords by the same user for at least six months.
- Provide an automatic capability for ensuring the complexity of user-entered passwords that meets the following:
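The following is an added worked example, not part of the original recommendations and not code from any vendor's system, that implements the password rules above together with the "Invalid ID/Password" and "Incorrect Login Attempts" items: a policy check for minimum length, complexity and the exclusion list; salted one-way storage (PBKDF2-HMAC-SHA256 is an assumed choice of one-way function); and a login procedure that always runs the full verification, returns the same error whether the userID or the password was wrong, rejects null passwords, raises an alarm on every failure, never writes the password to the audit trail, and terminates the session after three attempts. The class names, the sample exclusion list and the work factor are assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

MIN_LENGTH = 6           # minimum password length required above
MAX_ATTEMPTS = 3         # the login session is terminated after this many attempts
SALT_LEN = 16
PBKDF2_ROUNDS = 100_000  # assumed work factor; tune for the hardware in use
# Constructed sample of the excluded-password list; a real one is far larger.
EXCLUDED_PASSWORDS = {"password", "welcome", "smith", "jones"}


def check_password_policy(password: str) -> list:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        problems.append("no alphabetic character")
    if not any(c.isdigit() or (not c.isalnum() and not c.isspace()) for c in password):
        problems.append("no numeric or special character")
    if password.lower() in EXCLUDED_PASSWORDS:
        problems.append("on the excluded-password list")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """One-way stored form: salt || PBKDF2-HMAC-SHA256(password, salt)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the hash under the stored salt and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


@dataclass
class Account:
    user_id: str
    password_hash: bytes
    must_change: bool = False   # true after an administrator sets a temporary password


@dataclass
class LoginSession:
    """One interactive login dialogue; terminated after MAX_ATTEMPTS attempts."""
    attempts: int = 0
    terminated: bool = False


class Authenticator:
    GENERIC_ERROR = "Login incorrect"   # never says whether the ID or the password was wrong

    def __init__(self):
        self.accounts = {}
        self.alarms = []    # stands in for the console/administrator alarm
        self.audit = []     # stands in for the security audit trail
        self._dummy_hash = hash_password("dummy value for unknown userIDs")

    def set_password(self, user_id: str, password: str, temporary: bool = False) -> None:
        """Store only the one-way form. Deliberately never compares the new password
        with other users' hashes, so no hint about their passwords can leak."""
        problems = check_password_policy(password)
        if problems:
            raise ValueError("; ".join(problems))
        self.accounts[user_id] = Account(user_id, hash_password(password), temporary)

    def login(self, session: LoginSession, user_id: str, password: str):
        """Return (success, message); every attempt runs the full procedure."""
        if session.terminated:
            return False, "Session terminated"
        session.attempts += 1
        account = self.accounts.get(user_id)
        # Verify against a dummy hash when the ID is unknown, so the response time
        # does not reveal whether the userID exists.
        stored = account.password_hash if account else self._dummy_hash
        password_ok = verify_password(password, stored)
        ok = bool(password) and account is not None and password_ok   # null password rejected
        if ok:
            self.audit.append(f"login success userID={user_id}")
            return True, ("Password change required" if account.must_change else "OK")
        self.audit.append(f"login failure userID={user_id}")   # the password itself is never logged
        self.alarms.append(f"failed login attempt for userID {user_id!r}")
        if session.attempts >= MAX_ATTEMPTS:
            session.terminated = True
        return False, self.GENERIC_ERROR
```

The exclusion list, minimum length and work factor are exactly the parameters an administrator would set system-wide under "Systemwide Set-up" below; the dummy-hash verification for unknown IDs is what makes "appear to perform the entire user authentication procedure" hold for timing as well as for the error text.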
System Warnings
Warning banner
Display, prior to initiating the system login procedure, a warning banner regarding keystroke monitoring, unauthorized use, and consequences.
Concurrent login sessions
Limit the number of login sessions a single user may have open at the same time (e.g., from different workstations). The default is a single login session.
User Access Profile
Grant system entry to a user only if the system administrator has created a user access profile.
Time Restrictions
Allow or deny system entry based on specified ranges of time:
- Time-of-day
- Day-of-week
- Calendar dates
Port of Entry
Allow or deny system entry based on means or port of entry:
- Specify the users authorized to access the system via dial-up lines.
- Specify the location (e.g., workstation) from which a user may have access to the system.
- Specify the privileges a user has for ports of entry (e.g., limited to "Read-Only" for dial-in access).
- External networks connect through a controlled point of entry such as a firewall (IP filters, etc.).
Check for Prior Unauthorized Users
Upon a user's successful entry into the system, the system shall display the following to the user and shall not remove it without user intervention.
- Date and time of the userID's last successful entry into the system;
- Means of access and port of entry of the userID's last successful entry to the system;
- Number of unsuccessful attempts to access the system since the last successful entry by that userID.
User Inactivity (Timeout)
Terminate an interactive session after an administrator-specified interval of user inactivity. The default shall be fifteen minutes.
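The following is an added worked example, not part of the original recommendations and not code from any vendor's system, that ties the system-entry items above into one decision: entry requires an administrator-created access profile, is allowed or denied by calendar date, day of week and time-of-day window (including windows that cross midnight), by port of entry with a per-port privilege such as read-only dial-in access, and by the concurrent-session limit; a successful entry returns the last-successful-entry notice (date/time, port, and failed attempts since) for the login screen to hold until dismissed; and idle sessions are terminated after the profile's inactivity interval, defaulting to fifteen minutes. Authentication itself is assumed to have been done separately and is passed in as a flag. The class and field names are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import date, datetime, time, timedelta
from typing import Optional

DEFAULT_TIMEOUT = timedelta(minutes=15)   # default inactivity interval above
DEFAULT_MAX_SESSIONS = 1                  # default concurrent login sessions above


@dataclass
class TimeWindow:
    """Time-of-day range [start, end); start > end means the window crosses midnight."""
    start: time
    end: time

    def contains(self, t: time) -> bool:
        if self.start <= self.end:
            return self.start <= t < self.end
        return t >= self.start or t < self.end


@dataclass
class AccessProfile:
    user_id: str
    ports: dict                                  # port of entry -> privilege, e.g. {"dialup": "read-only"}
    hours: list = field(default_factory=list)    # permitted TimeWindows; empty means any time of day
    days: frozenset = frozenset(range(7))        # permitted weekdays, Monday=0 .. Sunday=6
    valid_from: Optional[date] = None            # calendar-date range, inclusive at both ends
    valid_to: Optional[date] = None
    max_sessions: int = DEFAULT_MAX_SESSIONS
    timeout: timedelta = DEFAULT_TIMEOUT


@dataclass
class Session:
    user_id: str
    port: str
    privilege: str
    last_activity: datetime


@dataclass
class LastEntryNotice:
    """Displayed after a successful entry and kept on screen until the user dismisses it."""
    last_success: Optional[datetime]
    last_port: Optional[str]
    failures_since: int


@dataclass
class EntryResult:
    granted: bool
    reason: str
    session: Optional[Session] = None
    notice: Optional[LastEntryNotice] = None


class EntryControl:
    def __init__(self):
        self.profiles = {}      # user_id -> AccessProfile, created by the administrator
        self.sessions = []      # active interactive sessions
        self._history = {}      # user_id -> running record behind the notice

    def sweep_idle(self, now: datetime) -> int:
        """Terminate sessions idle for at least their profile's timeout; return how many."""
        before = len(self.sessions)
        self.sessions = [s for s in self.sessions
                         if now - s.last_activity < self.profiles[s.user_id].timeout]
        return before - len(self.sessions)

    def touch(self, session: Session, now: datetime) -> None:
        session.last_activity = now

    def _deny_reason(self, profile, port: str, now: datetime, authenticated: bool):
        if profile is None:
            return "no access profile"
        if not authenticated:
            return "authentication failed"
        if port not in profile.ports:
            return f"port of entry {port!r} not authorized"
        today = now.date()
        if (profile.valid_from and today < profile.valid_from) or \
           (profile.valid_to and today > profile.valid_to):
            return "outside permitted dates"
        if now.weekday() not in profile.days:
            return "outside permitted days"
        if profile.hours and not any(w.contains(now.time()) for w in profile.hours):
            return "outside permitted hours"
        active = sum(1 for s in self.sessions if s.user_id == profile.user_id)
        if active >= profile.max_sessions:
            return f"session limit of {profile.max_sessions} reached"
        return None

    def attempt_entry(self, user_id: str, port: str, now: datetime,
                      authenticated: bool) -> EntryResult:
        self.sweep_idle(now)
        record = self._history.setdefault(user_id, LastEntryNotice(None, None, 0))
        reason = self._deny_reason(self.profiles.get(user_id), port, now, authenticated)
        if reason:
            record.failures_since += 1
            return EntryResult(False, reason)
        notice = LastEntryNotice(record.last_success, record.last_port, record.failures_since)
        record.last_success, record.last_port, record.failures_since = now, port, 0
        session = Session(user_id, port, self.profiles[user_id].ports[port], now)
        self.sessions.append(session)
        return EntryResult(True, "entry granted", session, notice)
```

Any denial, whatever the reason, counts toward the "unsuccessful attempts since last successful entry" figure, so a user who sees an unexpected count on the notice can report it even when the attempts were blocked by time or port restrictions rather than by a wrong password.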
User Access Form
Have each user sign a "User Access Authorization/Revocation" form.
Access Control
Authenticated users only
Permit only authenticated user-IDs to have access to the system and its resources.
Basic Access Control
System administrators shall define and control the access of subjects (e.g., users, groups) to objects (e.g., directories, files, resources) using defined access rights (e.g., read, write, execute).
Groups
Provide group capabilities to:
- assign access rights to group identities
- associate a user identifier with one or more groups
- display and modify the users in a group
Access Control List
For each object requiring control, provide an access control list that specifies the minimum set of users/groups that need access and their specific access rights (e.g., read, write, create, delete).
Administrators/owners
Restrict the creation, modification, deletion, and revocation of access control privileges to authorized administrators and the owners of the specific objects.
Check Access Rights
Check a userID's access rights to an object, at a minimum, when access to that resource is initiated.
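The following is an added worked example, not part of the original recommendations and not code from any vendor's system, covering the access control items above: an access control list per object whose entries name users or groups and their rights, deny-by-default for anything not listed, group membership that a user's effective rights are computed from, ACL changes restricted to administrators and the object's owner, and a check performed when access is initiated that records denied attempts in the audit trail (one of the "Events Recorded" listed below). The "u:" and "g:" principal prefixes and the class names are assumptions made for the example.

```python
from dataclasses import dataclass, field

RIGHTS = frozenset({"read", "write", "execute", "create", "delete"})


@dataclass
class Acl:
    """Access control list for one object: principal -> set of rights.
    Principals are 'u:<user>' or 'g:<group>'; anything not listed is denied."""
    owner: str
    entries: dict = field(default_factory=dict)


class AccessControl:
    def __init__(self, admins):
        self.admins = set(admins)
        self.groups = {}     # group name -> set of user IDs
        self.acls = {}       # object name -> Acl
        self.audit = []      # stands in for the security audit trail

    # Group capabilities: assign users to groups, display and modify membership.
    def add_to_group(self, group: str, user: str) -> None:
        self.groups.setdefault(group, set()).add(user)

    def remove_from_group(self, group: str, user: str) -> None:
        self.groups.get(group, set()).discard(user)

    def groups_of(self, user: str) -> set:
        return {g for g, members in self.groups.items() if user in members}

    def members(self, group: str) -> set:
        return set(self.groups.get(group, set()))

    # ACL administration: only administrators and the object's owner.
    def _may_administer(self, actor: str, obj: str) -> bool:
        if obj not in self.acls:
            raise KeyError(obj)
        return actor in self.admins or self.acls[obj].owner == actor

    def create_object(self, actor: str, name: str) -> None:
        """The creator becomes owner with every right; everyone else starts with none."""
        self.acls[name] = Acl(owner=actor, entries={f"u:{actor}": set(RIGHTS)})
        self.audit.append(f"object created {name} by {actor}")

    def grant(self, actor: str, obj: str, principal: str, rights) -> None:
        rights = set(rights)
        if not rights <= RIGHTS:
            raise ValueError(f"unknown rights: {sorted(rights - RIGHTS)}")
        if not self._may_administer(actor, obj):
            self.audit.append(f"privilege change denied {obj} by {actor}")
            raise PermissionError(f"{actor} may not modify the ACL of {obj}")
        self.acls[obj].entries.setdefault(principal, set()).update(rights)
        self.audit.append(f"privilege change {obj}: {principal} += {sorted(rights)} by {actor}")

    def revoke(self, actor: str, obj: str, principal: str) -> None:
        if not self._may_administer(actor, obj):
            self.audit.append(f"privilege change denied {obj} by {actor}")
            raise PermissionError(f"{actor} may not modify the ACL of {obj}")
        self.acls[obj].entries.pop(principal, None)
        self.audit.append(f"privilege change {obj}: {principal} revoked by {actor}")

    # The check performed when access to the object is initiated.
    def effective_rights(self, user: str, obj: str) -> set:
        acl = self.acls.get(obj)
        if acl is None:
            return set()                     # unknown object: nothing is granted
        principals = {f"u:{user}"} | {f"g:{g}" for g in self.groups_of(user)}
        return set().union(*(acl.entries.get(p, set()) for p in principals))

    def check_access(self, user: str, obj: str, right: str) -> bool:
        allowed = right in self.effective_rights(user, obj)
        if not allowed:
            self.audit.append(f"access denied {user} {right} {obj}")
        return allowed
```

Because rights are recomputed from group membership at check time, removing a user from a group takes effect on the next access; a system that caches the decision for the life of a session would need to re-check at least when access to the resource is initiated, as the item above requires.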
Security Audit Trail
Create, maintain, and protect a security audit trail of user and administrator actions so that security relevant events can be traced to a specific user for accountability.
Events Recorded
At a minimum, cause a record to be written to the security audit trail for at least the following events:
- User logins, both successful and failed.
- Attempts to access objects (e.g., resources) or perform functions that are denied by lack of privileges or rights.
- Successful accesses to security-critical objects (e.g., data with high sensitivity).
- Changes to users' security privileges/profiles.
- Changes to the system security configuration.
- Modification of system-supplied software.
- Creation and deletion of objects.
Event Data
For each recorded event, the audit record shall identify, at a minimum:
- Date and time of the event.
- UserID and associated point of physical access (e.g., node, port, network address, or communication device).
- Type of event.
- Names of resources accessed.
- Success or failure of the event.
Passwords
Do not record passwords in the security audit trail.
Alternate Storage Area
Provide for automatic copying of security audit trail files to an alternate storage area after a specified period of time (e.g., so that records are not overwritten when the active buffer fills).
Reports
Generate audit trail reports on a periodic basis or as immediately needed (e.g., when a system alarm detects a security problem).
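The following is an added worked example, not part of the original recommendations and not code from any vendor's system, covering the audit trail items above: each record carries the minimum fields listed under "Event Data" and is rejected if one is missing; event types are restricted to the kinds of events listed under "Events Recorded"; password-like values in the event details are redacted before the record is written, so a mistaken caller cannot put a password in the trail; the active buffer is copied to an alternate storage area before it fills (and rotate() can also be called on a timer); and report() filters the whole trail by event type, outcome and time for periodic or on-demand reports. The field names, the event-type vocabulary and the key pattern used for redaction are assumptions made for the example.

```python
import json
import re
from datetime import datetime, timezone
from typing import Optional

REQUIRED_FIELDS = ("time", "user_id", "origin", "event_type", "resources", "outcome")
EVENT_TYPES = frozenset({
    "login", "access_denied", "sensitive_access", "privilege_change",
    "security_config_change", "system_software_change", "object_create", "object_delete",
})
OUTCOMES = frozenset({"success", "failure"})
# Keys whose values must never reach the trail; adjust to the field names in use.
SECRET_KEY = re.compile(r"(?i)(^|[^a-z0-9])(pass(word|wd|phrase)?|secret|pin|token)$")


def redact(value):
    """Recursively replace values stored under password-like keys."""
    if isinstance(value, dict):
        return {k: ("[REDACTED]" if SECRET_KEY.search(k) else redact(v)) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def make_record(user_id, origin, event_type, resources, outcome, details=None, when=None) -> dict:
    """Build one audit record carrying the minimum fields listed above."""
    if event_type not in EVENT_TYPES:
        raise ValueError(f"unknown event type {event_type!r}")
    if outcome not in OUTCOMES:
        raise ValueError(f"unknown outcome {outcome!r}")
    when = when or datetime.now(timezone.utc)
    return {
        "time": when.isoformat(),
        "user_id": user_id,
        "origin": origin,            # node, port, network address or communication device
        "event_type": event_type,
        "resources": list(resources),
        "outcome": outcome,
        "details": redact(details or {}),
    }


class AuditTrail:
    """Append-only active buffer that is copied to alternate storage before it fills."""

    def __init__(self, max_active: int = 1000):
        self.max_active = max_active
        self.active = []     # serialized records in the live buffer
        self.archive = []    # serialized records copied to the alternate area

    def write(self, record: dict) -> None:
        missing = [f for f in REQUIRED_FIELDS if f not in record]
        if missing:
            raise ValueError(f"audit record missing {missing}")
        self.active.append(json.dumps(record, sort_keys=True))
        if len(self.active) >= self.max_active:
            self.rotate()

    def rotate(self) -> int:
        """Copy the active buffer to the alternate area; also callable on a timer."""
        moved = len(self.active)
        self.archive.extend(self.active)
        self.active = []
        return moved

    def report(self, event_type: Optional[str] = None, outcome: Optional[str] = None,
               since: Optional[datetime] = None) -> list:
        """Filter all records, archived and active, for periodic or on-demand reports."""
        out = []
        for raw in self.archive + self.active:
            rec = json.loads(raw)
            if event_type and rec["event_type"] != event_type:
                continue
            if outcome and rec["outcome"] != outcome:
                continue
            if since and datetime.fromisoformat(rec["time"]) < since:
                continue
            out.append(rec)
        return out
```

Redacting by key at the point of record construction is a safety net, not a substitute for never passing the password in the first place; the pattern only catches keys it recognizes, so the authentication code should still log the userID and outcome and nothing else.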
Security Management
Installation
Provide an installation capability for initializing security-related parameters before user attributes are defined.
Maintenance Mode
Distinguish between normal mode of operation and maintenance mode, and provide a maintenance-mode mechanism for recovery and startup.
Display/Modify
Provide security controls for displaying and modifying the security policy parameters (e.g., identification, authentication, system entry and access control parameters) for the entire system and for individual users.
Systemwide Set-up
Have a capability to define the identification and authentication parameters on a system-wide basis (e.g., password minimum and maximum lifetime, password length and complexity).
Restricted Access
Provide restricted access capabilities for displaying, modifying, or deleting user account information.
User Attributes
Provide a means to uniquely identify: (1) the security attributes of a user, (2) all the users associated with an attribute, and (3) the definition and maintenance of groups.
Define/Maintain Security Controls
Be capable of defining and maintaining the security controls for subjects (e.g., users, groups) and objects (e.g., directories, files, resources) using defined access rights (e.g., read, write, execute).
Maintenance
Provide security controls for routine control and maintenance of system resources: enabling and disabling of peripheral devices, mounting of removable storage media, backing-up and recovering user objects; maintaining the system hardware and software elements (e.g., on site testing); and starting/shutting down the system.
Other Protected Features
Trusted Path
Provide a trusted communication path between the system and the user for initial identification and authentication. Communication via this path shall be initiated exclusively by the user.
Logical System Protection
Isolate and protect the operating system from external interference and tampering (e.g., reading or modification of its code).
System Self-Checking
Provide features to validate the correct operation of hardware/firmware, including power-on tests, load tests, and operator-controlled tests.
System Initialization and Recovery
Ensure security features are fully restored after system initialization and recovery.
Unix and Solaris Technical
- Have all non-required services been removed from the Internet daemon configuration (inetd.conf)?
- File transfer services: has .netrc been banned from clients' home directories?
- Has root been placed in /etc/ftpusers or /usr/etc/ftpusers to prevent root from logging in using FTP?
- Has sendmail been removed?
- Has .telnetrc been banned from clients' home directories?
- Have .rhosts files been disabled?
- Has rlogind been disabled?
- Has rshd or remshd been disabled?
- Has fingerd been disabled?
- Have all security patches been installed?
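The following is an added worked example, not part of the original checklist and not a vendor tool, that automates the checklist items that can be read from files: it parses inetd.conf for uncommented entries and flags the login (rlogind), shell (rshd/remshd) and finger (fingerd) services by name and any other enabled service not on a caller-supplied required list; it confirms root is listed in ftpusers; and it reports .netrc, .rhosts and .telnetrc files in home directories. audit_host() runs the same checks against a live host or a mounted image. The sendmail and security-patch items are not covered, since they depend on the package system of the particular platform. The sample inetd.conf and ftpusers contents are constructed for the example, and the function names are assumptions.

```python
import glob
import os

# inetd service names the checklist wants disabled, with the daemon each starts.
CHECKLIST_DAEMONS = {"login": "rlogind", "shell": "rshd/remshd", "finger": "fingerd"}
# Client dot-files the checklist bans from home directories.
BANNED_DOTFILES = frozenset({".netrc", ".rhosts", ".telnetrc"})

# Constructed sample inetd.conf; not copied from any real host.
SAMPLE_INETD_CONF = """\
# constructed sample
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd -l
telnet  stream  tcp  nowait  root    /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/in.rshd     in.rshd
login   stream  tcp  nowait  root    /usr/sbin/in.rlogind  in.rlogind
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
"""
# Constructed sample ftpusers that forgot to list root.
SAMPLE_FTPUSERS = "# accounts denied FTP access\nbin\ndaemon\n"


def enabled_inetd_services(conf_text: str) -> dict:
    """Map each uncommented inetd.conf entry to its server program.
    Field layout: service socket_type protocol wait/nowait user server_path args."""
    services = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 6:
            services[fields[0]] = fields[5]
    return services


def check_inetd(conf_text: str, required=frozenset()) -> list:
    """Flag the daemons named in the checklist, then anything else not required."""
    findings = []
    for svc, server in enabled_inetd_services(conf_text).items():
        if svc in CHECKLIST_DAEMONS:
            findings.append(f"{CHECKLIST_DAEMONS[svc]} enabled in inetd.conf ({svc} -> {server})")
        elif svc not in required:
            findings.append(f"non-required service {svc!r} enabled in inetd.conf ({server})")
    return findings


def check_ftpusers(ftpusers_text: str) -> list:
    """ftpusers lists accounts that may NOT use FTP; root must be among them."""
    names = {l.strip() for l in ftpusers_text.splitlines() if l.strip() and not l.startswith("#")}
    return [] if "root" in names else ["root is not listed in ftpusers, so root can log in via FTP"]


def check_home_dirs(listing: dict) -> list:
    """listing maps a home directory to the file names it contains."""
    return [f"{home}/{name} present" for home, names in listing.items()
            for name in sorted(names) if name in BANNED_DOTFILES]


def audit_host(root: str = "/", required=frozenset(), home_glob: str = "/home/*") -> list:
    """Run the checks against a live host, or a mounted image under `root`."""
    findings = []
    inetd = os.path.join(root, "etc/inetd.conf")
    if os.path.exists(inetd):
        with open(inetd) as f:
            findings += check_inetd(f.read(), required)
    ftpusers_text = ""
    for candidate in ("etc/ftpusers", "usr/etc/ftpusers"):   # both locations named above
        path = os.path.join(root, candidate)
        if os.path.exists(path):
            with open(path) as f:
                ftpusers_text += f.read() + "\n"
    findings += check_ftpusers(ftpusers_text)
    homes = {h: os.listdir(h) for h in glob.glob(os.path.join(root, home_glob.lstrip("/")))
             if os.path.isdir(h)}
    findings += check_home_dirs(homes)
    return findings


if __name__ == "__main__":
    for finding in check_inetd(SAMPLE_INETD_CONF, required={"ftp", "telnet"}) + check_ftpusers(SAMPLE_FTPUSERS):
        print(finding)
```

A commented-out entry is treated as disabled, which matches how inetd reads the file; a service that is enabled but whose binary has been removed would still be reported, which is the conservative result for a checklist.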