IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 5.52 Misuse of administrator rights in Windows
NT systems
Improper administration occurs when legitimately or non-legitimately
acquired administrator authorisations and rights are deliberately used to
damage the system or its users.
Example:
By improper use of the right to assume ownership of any files, an
administrator, under Windows NT, can gain access to any files, even though
their owner has explicitly refused him such access by means of appropriate
access permissions. However, the gaining of access can be recognised by the
original owner of the files, as the administrator has to make himself the owner
of the files concerned in the process, and under Windows NT no function is
available to undo this change again. Nevertheless, the administrator can gain
access to user files without being noticed by, for example, registering with the
backup operators’ group and making a backup of the files he wishes to read.
There are various opportunities for exploiting administrator rights in an
improper manner. These include illegal access to files, changes to the logging
settings and the specifications for user accounts. Other possibilities of misuse
lie in the falsification of protocol details, by altering the system time, or in the
detailed tracking of the activities of individual users.
Depending on the underlying hardware, where it is possible to gain access to
the console and the system cabinet, the system can be booted up. This may
enable the configuration to be manipulated if boot-up can be performed by an
outside medium or if another operating system can be selected.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000