IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 5.46 Masquerading under WfW
WfW is not able to identify users reliably as every user of a WfW computer
can change the computer name and the log-on name. Therefore masquerading
is easily possible. Thus, a potential perpetrator may share a directory with
damaging programs inside with all employees working under WfW and
connected to the same network, using a false name on his computer. He can
also try to get unauthorised access to the directories of others. The person to
whom damage is caused will be misled about the true identity of the person
concerned. In the same way, a perpetrator could easily carry out
communication functions under WfW (e.g. using the telephone function)
using a false name and mislead the recipient about the identity of the true
sender. It is also possible to prevent a specific computer from logging on
under WfW by logging on in its name ahead of it under WfW.
Under Windows 95 and Windows NT, it is possible to prevent the user from
changing the log-on name or the computer name via the appropriate system
guidelines.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000