IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts

T 5.9 Unauthorised use of IT systems

Without mechanisms for the identification and authentication of users, there is practically no way to control unauthorised use of IT systems. Even on IT systems that provide identification and authentication mechanisms in the form of user IDs and password verification, there is a risk of unauthorised use if passwords and user IDs are disclosed.

To guess a secret password, an unauthorised person could enter a candidate password during the log-in process; the response of the IT system then shows whether the password was correct or not. In this way, passwords can be found by trial and error.

However, taking a suitable word as a password and trying it against all user IDs is a much more efficient approach. If the number of users is large enough, a valid combination is often found in this manner.

If the identification and authentication function can be abused, it is even possible to automate the attempts by developing a program which systematically tests all conceivable passwords.

Example:

In 1988, the Internet worm exploited a vulnerability of the UNIX operating system in question to find valid passwords even though the passwords were stored in encrypted form. To do this, the program tried every entry of a dictionary by encrypting it with the local encoding function and comparing the result with the stored encrypted passwords. Wherever a match was found, a valid password had been discovered.
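
The two guessing patterns described above (many passwords against one user ID, and one likely password against many user IDs) leave distinct traces in authentication logs. The following added example, which is not part of the manual, classifies constructed sshd log lines by source address into the two patterns and notes whether the same source later logged in successfully; the log format, the thresholds and all addresses and user names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd lines (not from the manual): 203.0.113.5 tries one guess per
# user ID (the "suitable word, all user IDs" pattern) and gets in as erin;
# 198.51.100.7 hammers a single ID; 192.0.2.9 is an ordinary user mistyping once.
SAMPLE_LOG = """\
Jan 10 08:00:01 host sshd[100]: Failed password for alice from 203.0.113.5 port 5000 ssh2
Jan 10 08:00:02 host sshd[101]: Failed password for bob from 203.0.113.5 port 5001 ssh2
Jan 10 08:00:03 host sshd[102]: Failed password for invalid user carol from 203.0.113.5 port 5002 ssh2
Jan 10 08:00:04 host sshd[103]: Failed password for dave from 203.0.113.5 port 5003 ssh2
Jan 10 08:00:05 host sshd[104]: Accepted password for erin from 203.0.113.5 port 5004 ssh2
Jan 10 08:01:00 host sshd[105]: Failed password for root from 198.51.100.7 port 6000 ssh2
Jan 10 08:01:01 host sshd[106]: Failed password for root from 198.51.100.7 port 6001 ssh2
Jan 10 08:01:02 host sshd[107]: Failed password for root from 198.51.100.7 port 6002 ssh2
Jan 10 08:01:03 host sshd[108]: Failed password for root from 198.51.100.7 port 6003 ssh2
Jan 10 08:02:00 host sshd[109]: Failed password for frank from 192.0.2.9 port 7000 ssh2
Jan 10 08:02:05 host sshd[110]: Accepted password for frank from 192.0.2.9 port 7001 ssh2
"""

LINE_RE = re.compile(r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
                     r"(?P<user>\S+) from (?P<src>\S+)")

def parse_auth_lines(text):
    """Yield (result, user, source) for each line the regex recognises."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("src")

def classify_sources(text, min_users=4, min_attempts=4):
    """Source -> (pattern, got_in) for sources that look like password guessing:
    "spray" = <=2 failures each against >= min_users IDs, "brute" = >= min_attempts
    failures against one ID; got_in marks a later successful login from that source."""
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> failed count
    accepted = defaultdict(set)                        # src -> users accepted
    for result, user, src in parse_auth_lines(text):
        if result == "Failed":
            failures[src][user] += 1
        else:
            accepted[src].add(user)
    findings = {}
    for src, per_user in failures.items():
        worst = max(per_user.values())
        if len(per_user) >= min_users and worst <= 2:
            findings[src] = ("spray", bool(accepted[src]))
        elif worst >= min_attempts:
            findings[src] = ("brute", bool(accepted[src]))
    return findings
```

A source flagged "spray" that also shows a subsequent accepted login is exactly the outcome this threat describes, and is the case to investigate first.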

IT Baseline Protection Manual: October 2000
