T 5.10 Abuse of remote maintenance ports

Remote maintenance ports allow for access to IT systems from the outside. Where remote maintenance ports are insufficiently protected, it is conceivable that unauthorised persons may get access to these IT systems without being noticed, under certain circumstances even with administrative authorisations. For example, attackers would be able to perform all administration tasks, once they have mastered the authentication mechanisms such as password entry. If the system fails completely or experiences serious operational disruptions, corrupt data, or the loss of the confidentiality of all data stored on the affected IT system, then the result could be significant financial losses under some circumstances.

Examples:

• The Remote Support Facility (RSF) is generally used on mainframe computers running the z/OS operating system to report system errors to the manufacturer. RSF can also be used by the manufacturer to install patches to the microcode. The misuse of the RSF remote access capability in z/OS systems therefore poses a serious threat.
• Because the password policy was poorly implemented or the password policy was too weak, the password for a maintenance computer of a telecommunication system could be discovered by systematic trial-and-error (using a dictionary attack). Once the attacker had mastered the password of the system, he was able to administrate the telecommunication system according to his own needs.