Use of File Services

2001/06/07 by CSO

These subsidiary rules to Operational Circular Nº5 are for administrators and users of file services. The term file services covers any software used to store or transfer data. Some examples are ftp, web, AFS and the NICE file system (i.e. DFS).

Misconfigured or insufficiently protected computers and applications can expose the Organisation to security risks. File services with insufficient access controls can become a target for illicit use, such as unauthorised distribution of commercial software or copyright music, e.g. Peer-to-Peer applications.

Rules

  • Those responsible for computers offering file services, must take proactive and adequate measures to protect the operating system and applications from known security weaknesses.
  • Users of file services must protect their data from unauthorised access.
  • Administrators and users of file services must implement access controls to prevent:
    • unauthorised storage of data
    • unauthorised access to data protected by copyright, license or other agreements
    • unauthorised access to confidential data