T 0.23 Unauthorised Access to IT Systems
In principle, every interface of an IT system offers not only the ability to make legitimate use of the services provided through that interface, but also carries the risk of unauthorised access to the IT system via this interface.
Examples:
- If a user ID and password have been spied out, unauthorised use of the applications or IT systems they protect is entirely possible.
- Hackers could gain unauthorised access to IT systems via inadequately safeguarded remote maintenance access.
- When interfaces of active network components are inadequately safeguarded, an attacker may gain unauthorised access to the network component. If they also manage to overcome the local security mechanisms, e.g. by obtaining administrative privileges, they could perform all administrative activities.
- Many IT systems have interfaces for removable data storage media, such as extra memory cards or USB storage media. On an unattended IT system with the corresponding hardware and software, there is a risk that large amounts of data can be read out or malicious software can be introduced this way.