IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
happen, for instance, if users fail to use different SNMP passwords (community
strings)), then the uncoordinated setting of configuration parameters may lead
to gaps in the security.
On the other hand, if components (such as printers) are used by two
administrative areas together and if, for example, the confidentiality of the
other administrative area (e.g. Windows NT network releases) was not set up
correctly, this can inadvertently lead to security problems if an unauthorised
third person is permitted access.
Non-integrated administrative software
In the administration of medium and large systems, after the management
system has been introduced, it may be the case that new components are to be
integrated into the system whose administration requires functions which the
management system in use does not support. This applies in particular to the
area of application management. If administrative software that cannot be
integrated into the management system is used for the administration of the
new components (e.g. via a programming interface or through the
implementation of what are known as gateways), then it is impossible to
integrate the components into the management system. Thus the new
components are not subject to the "automatic" management, making it
necessary to manage them "manually". The strategy laid down for the
management must now be applied to two systems. However, this can lead to
configuration errors which can cause gaps in the security.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000