IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 4.33 Poor-quality or missing authentication
Authentication mechanisms can be used to authenticate users or components,
or to determine the origin of data. If authentication mechanisms are missing or
if the quality is too poor, there is a risk that
- unautorised persons can gain access to IT systems or data,
- the causes of problems cannot be identified or
- the source of data cannot be determined.
Gaps occur in the security
- when users are authenticated, for example if users choose passwords which
are easy to guess or if they never change their password,
- when components are authenticated, for example if default passwords are
not replaced by individually-chosen ones following the installation of an IT
system, if the passwords which are permanently entered in many IT
systems are never changed again, or if the passwords are not kept safely
and nobody can remember the vital password after the system has crashed.
- in the choice of procedure, for example if it is completely useless or gaps
in the security are known which are not reacted to while the system is in
operation.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000