IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks

T 3.40 Inappropriate use of authentication services with remote access

The RAS user's identity must be determined during logon. This typically entails the use of authentication mechanisms based on user administration facilities that store authentication data. RAS systems offer several options for storing user data: separate user administration facilities, the user administration facilities of the operating system, or authentication servers (with their own separate user administration). If different user administration systems are used for RAS and for the operating system, lapses in organisational processes can lead to inconsistencies between the two sets of data. This can lead to the establishment of connections which are not permitted and to unauthorised data access. Separate administration is therefore not recommended.

Example

- When an employee leaves the organisation, his user account is not deleted in the RAS user administration software. The former employee can therefore continue to dial in via RAS access and access all generally accessible data. Access can also be used to initiate other attacks.
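As an added example that is not part of the manual, the following Python script shows the consistency check the paragraph above calls for: it reconciles a RAS server's own user store against the operating system's user directory and reports every RAS account that the directory no longer vouches for (missing or disabled). The export formats and account names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample exports (not real product output). A RAS server with its
# own user store, exported one username per line ...
RAS_EXPORT = """\
alice
bob
carol
dave
"""
# ... and the central OS directory, exported as "username,status".
OS_EXPORT = """\
alice,enabled
bob,disabled
carol,enabled
erin,enabled
"""


@dataclass(frozen=True)
class Finding:
    user: str
    problem: str


def parse_ras(text: str) -> Set[str]:
    """Usernames known to the RAS user administration."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def parse_os(text: str) -> Dict[str, bool]:
    """Map each OS directory account to True if enabled, False if disabled."""
    accounts: Dict[str, bool] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        user, status = (part.strip() for part in line.split(",", 1))
        accounts[user] = status.lower() == "enabled"
    return accounts


def reconcile(ras_users: Set[str], os_accounts: Dict[str, bool]) -> List[Finding]:
    """Report RAS accounts the OS directory does not vouch for.

    A RAS entry with no OS account, or whose OS account is disabled, is the
    inconsistency T 3.40 describes: a former employee who can still dial in.
    Accounts that exist only in the OS directory cannot dial in and are not flagged.
    """
    findings = []
    for user in sorted(ras_users):
        if user not in os_accounts:
            findings.append(Finding(user, "in RAS user store but not in OS directory"))
        elif not os_accounts[user]:
            findings.append(Finding(user, "in RAS user store but disabled in OS directory"))
    return findings


if __name__ == "__main__":
    for finding in reconcile(parse_ras(RAS_EXPORT), parse_os(OS_EXPORT)):
        print(f"{finding.user}: {finding.problem}")
```

Run it as a scheduled job against real exports and treat every finding as an account to disable in the RAS user store, since a finding is exactly the orphaned RAS account from the example.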

Many client components for remote access allow the data necessary for authentication to be stored locally after it has been entered once, so that the user no longer has to enter it when further connections are subsequently established. However, this procedure can be dangerous if the RAS client is subject to unauthorised access: the authentication mechanism can then no longer perform its intended role. As a result, unauthorised persons may be able to access the local network that is reachable over a RAS link from the client concerned, thus endangering the security of that local network. Storage of keys for data encryption or digital signatures on the RAS client carries a similar risk.

IT-Baseline Protection Manual: October 2000

Remarks (margin notes): Inconsistent RAS user administration. Storage of authentication data on the RAS client.
