T 5.86 Manipulation of management parameters

Management systems may also be used to launch an attack to a local computer system with the help of deliberate misconfigurations. Such misconfigurations may be caused in a variety of ways. Manipulations both to the management platform and to the administrated devices are possible. Network management systems using SNMP are particularly susceptible to attacks where management parameters are manipulated deliberately (e.g. by an SNMP client of the network). Depending on the configurable parameters, the attacks range from simple "denial-of-service" attacks (e.g. by changing IP addresses) up to data modifications (e.g. after changing access rights).

If network components are administrated by a management system, all configuration parameters administrated by the management system should only be changed by the management system. However, depending on the management system, it can still be possible to also change the configuration parameters of the component locally. If a PC is administrated by a network management system, e.g. via SNMP, a local user may use a local SNMP client program (when knowing the SNMP password) or a local control element (e.g. at a printer) to change the settings. This may at least result in inconsistencies in the network management system, but may also be used deliberately to cause security gaps. For example, the retrieval of shared directories via SNMP using the network could be allowed subsequently for a Windows computer.