IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 5.86 Manipulation of management parameters
Management systems can also be used for an attack on a local computer
system by deliberately causing incorrect configuration. The incorrect
configuration can be caused in various ways. In the process, it is possible to
manipulate both the management platform and the equipment it controls.
Network management systems which use SNMP are particularly susceptible
to attacks in which management parameters are deliberately configured
incorrectly (e.g. through the perpetrator's own SNMP client). Depending on
which parameters can be adjusted, the attacks range from simple "denial-ofservice
attacks" (e.g. by altering IP addresses) to data manipulation (e.g.
following the alteration of access rights).
If network components are controlled through a management system, then all
configuration parameters controlled by the management system should only
be changed through the management system. Depending on the management
system, however, it is also possible to change the configuration parameters of
the components locally. If a PC is controlled through a network management
system, e.g. via SNMP, then local users can alter the settings with a local
SNMP client program (if they know the SNMP password) or using a local
operational control (e.g. on a printer). This may just lead to inconsistencies in
the network management system, but could even be deliberately used to cause
gaps in the security. For example, it could later be made possible for a
Windows NT computer to query records released via SNMP and the network.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000