19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue: Deliberate Acts

T 5.93 Permitting use of RAS components by third parties

If RAS components are deliberately made available to unauthorised persons, then the security of the RAS system can no longer be assured (see also T 3.30 Unauthorised private use of telecommuting workstations). The resulting possible threats are set out below.

- Unauthorised RAS access could occur if the security guidelines are not adhered to. For example, it is a common occurrence for administrators to allow RAS dial-in to unauthorised persons (e.g. for use of the Internet) out of mistaken friendliness.

- RAS users give authentication data or tokens to unauthorised third parties to enable them to access the LAN remotely (under their ID). Possible motives for doing this might include the fact that a colleague is not authorised under the RAS security concept to use remote access or has forgotten to apply for RAS permission in good time before a business trip. As one RAS user account is now being used by several users, in case of damage it will no longer be possible to unequivocally identify the person responsible.

- Where telecommuting is permitted, the problem often arises that the RAS client is used by members of the family or friends of members of the family. If persons who are outside of the organisation are using the RAS client, they will generally ignore the security rules which apply to the RAS client. As a result, the security of the LAN can be compromised.

The possibility that IT systems in remote locations will be used by third parties can never be excluded as the security mechanisms of an IT system can be circumvented once physical access has occurred.
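The following is an added example, not part of the manual: one way an administrator might review RAS session records for signs that a single account is being used by several people, the accountability problem described in the second item above. The record layout, the per-account list of registered calling numbers and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample RAS session records: (account, calling number, start, end).
SESSIONS = [
    ("alice", "555-0101", "2000-10-02 08:00", "2000-10-02 09:30"),
    ("bob",   "555-0102", "2000-10-02 08:15", "2000-10-02 08:45"),
    ("bob",   "555-0199", "2000-10-02 08:30", "2000-10-02 10:00"),  # overlaps, other line
    ("carol", "555-0103", "2000-10-02 19:00", "2000-10-02 19:20"),
    ("carol", "555-0177", "2000-10-03 19:00", "2000-10-03 19:40"),  # unregistered line
    ("alice", "555-0101", "2000-10-03 08:00", "2000-10-03 08:10"),
]

# Assumption: the organisation records which calling numbers each RAS user may dial in from.
REGISTERED = {
    "alice": {"555-0101"},
    "bob": {"555-0102", "555-0199"},
    "carol": {"555-0103"},
}


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def find_shared_use(sessions, registered):
    """Return {account: sorted findings} for sessions that suggest shared use."""
    findings = defaultdict(set)
    by_account = defaultdict(list)
    for account, number, start, end in sessions:
        by_account[account].append((_ts(start), _ts(end), number))
        # A dial-in from a line that was never registered for this account.
        if number not in registered.get(account, set()):
            findings[account].add(f"unregistered calling number {number}")
    for account, rows in by_account.items():
        rows.sort()  # by start time
        for i, (_, end1, num1) in enumerate(rows):
            for start2, _, num2 in rows[i + 1:]:
                if start2 >= end1:
                    break  # sorted by start: no later session overlaps this one
                # One person cannot be dialled in from two different lines at once.
                if num1 != num2:
                    findings[account].add(f"concurrent sessions from {num1} and {num2}")
    return {account: sorted(items) for account, items in findings.items()}


if __name__ == "__main__":
    for account, items in sorted(find_shared_use(SESSIONS, REGISTERED).items()):
        print(account, "->", "; ".join(items))
```

A finding is a prompt for follow-up with the account holder, not proof of sharing: a user may legitimately dial in from a hotel line that was never registered.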

IT-Baseline Protection Manual: October 2000

Remarks:

- Unauthorised use of RAS access
- Passing on of passwords or token
- Unauthorised use in the private environment
