IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

Threats Catalogue Deliberate Acts Remarks<br />

____________________________________________________________________ .........................................<br />

T 2.59 Operation of non-registered components<br />

As a rule, all components of a network should be known to the system<br />

administration. On an organisational level, it should be guaranteed that new<br />

components are registered with and released by the system administration, for<br />

example through automatic reporting from the purchasing organisation or a<br />

corresponding request from the organisational unit operating the components.<br />

Non-registered components are a security risk as they are not integrated in<br />

organisational in-house processes and controls. On the one hand, this can<br />

cause problems for the users of non-registered components (e.g. loss of data,<br />

as the system is not integrated into the data backup). On the other hand, it can<br />

also jeopardise other network components. For example, weaknesses can arise<br />

through unrecorded access points to the network if they are poorly protected<br />

against unauthorised access or not even protected at all. In particular, as such<br />

components are not controlled by the network management and/or the system<br />

management, errors in the configuration of the local system can lead to a gap<br />

in security.<br />

Example:<br />

<strong>The</strong> administrator uses the system management system to maintain the<br />

passwords (community names) for the network management system in use<br />

which is based on SNMP. A workgroup buys a new network PC but forgets to<br />

report this to the central administration. At installation, the password<br />

(community name) for the local SNMP demon is set to "public". This<br />

password is well-known. Perpetrators can now start an SNMP-based attack, as<br />

they have full access to the SNMP data. A PC compromised in this way can<br />

serve as a starting point for further perpetration to the internal network. For<br />

example, password sniffers could be installed.<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!