T 2.36 Inappropriate restriction of user environment
Most operating systems allow the environment of each user to be restricted individually; where an operating system does not, special security products can generally be used instead. There are essentially two approaches to restricting a user environment:
- Certain functions are explicitly permitted, and all other functions are prohibited (default deny).
- Certain functions are explicitly prohibited, and all other functions are permitted (default allow).
In both cases the users may be restricted to such an extent that they can no longer execute the functions most important to their work, or cannot work reasonably and efficiently with the IT system at all.
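As an added illustration, not part of this catalogue entry, the following Python check evaluates a restriction policy written in either form against the functions each user role needs, so that over-restriction is found before rollout rather than by the affected users. The roles, function names and policies are constructed assumptions, not any vendor's controls.

```python
"""Pre-rollout check of a user-environment restriction policy.

Added example, not part of the catalogue entry. The function names and
roles below are constructed illustrations, not any vendor's controls.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """A restriction policy in one of the two forms described above.

    mode "allow": only the listed functions are permitted (default deny).
    mode "deny":  the listed functions are prohibited, all others permitted
                  (default allow).
    """
    mode: str
    functions: frozenset

    def permits(self, function: str) -> bool:
        if self.mode == "allow":
            return function in self.functions
        if self.mode == "deny":
            return function not in self.functions
        raise ValueError(f"unknown policy mode: {self.mode!r}")


def blocked_essentials(policy: Policy, essentials_by_role: dict) -> dict:
    """Per role, the functions it needs for its work that the policy blocks.

    A non-empty result means the restriction is too tight for that role:
    the over-restriction failure mode this threat describes.
    """
    result = {}
    for role, needed in essentials_by_role.items():
        blocked = sorted(f for f in needed if not policy.permits(f))
        if blocked:
            result[role] = blocked
    return result


def unlisted_exposure(policy: Policy, known_functions: set) -> set:
    """Functions a default-allow (deny-list) policy permits only because
    nobody listed them. Always empty for an allow-list policy."""
    return {f for f in known_functions
            if policy.permits(f) and f not in policy.functions}


# Constructed roles and the functions each needs to work efficiently.
ESSENTIALS = {
    "clerk": {"open_office_suite", "print", "read_email", "send_email"},
    "admin": {"open_terminal", "manage_users", "read_email", "send_email"},
}
# Everything the platform offers, including functions nobody needs.
KNOWN_FUNCTIONS = set().union(*ESSENTIALS.values()) | {"install_software", "format_disk"}

# Allow list written with only clerks in mind: fine for clerks, locks admins out.
ALLOW_CLERK = Policy("allow", frozenset(ESSENTIALS["clerk"]))
# Deny list that blocks two risky functions but, by mistake, also printing.
DENY_RISKY = Policy("deny", frozenset({"format_disk", "install_software", "print"}))

if __name__ == "__main__":
    for name, policy in (("allow-list", ALLOW_CLERK), ("deny-list", DENY_RISKY)):
        print(name, "blocks essentials:", blocked_essentials(policy, ESSENTIALS))
        print(name, "unlisted but permitted:",
              sorted(unlisted_exposure(policy, KNOWN_FUNCTIONS)))
```

Running the check against every role's list of essential functions before a policy is deployed catches both failure modes at once: the allow list that locks out a role it was never written for, and the deny list that prohibits one essential function by mistake while silently permitting everything nobody thought to list.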
Another way of restricting a user environment is to limit the amount of disk space available to a user (a disk quota). Once a user's quota is exhausted, that user can no longer store any information. Depending on how the affected IT systems are partitioned, this may affect numerous users and applications. If the data and system partitions were not separated in advance, the entire IT system may fail, for example because no disk space remains for the swap file into which the operating system pages out memory, or for the temporary and log files the system itself must write.
Examples:
- In one company, the administrator set very low disk quotas on the email server in order to force the users to be more disciplined: the intention was that users would file their emails in their working directories instead of leaving them in their inboxes. However, the inboxes were full after just a few emails, and once an inbox was full its owner could no longer receive any emails at all.
- In a government agency, it was decided to keep certain security-relevant information, such as login attempts, in a log for a period of one year. However, since there was never enough space on the server for the logged data, the log files were automatically deleted after just one week. When it was later discovered that business data had been manipulated, the agency was able to identify the security gap that had been exploited, but it was impossible to determine who had exploited it and how.
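Both examples share one root cause: the space made available did not match the retention the organisation actually required. The following Python check, added here and not part of the catalogue entry, projects the space a retention period needs from observed growth and reports how long the available space really covers; it applies equally to the one-year login log and to the mailbox quota. All volumes, dates and quotas in it are constructed.

```python
"""Checks whether available storage actually covers a retention requirement.

Added example, not part of the catalogue entry. It applies to any store that
grows steadily and is capped by a quota or partition size, such as the
one-year login log and the mailbox quota in the examples above. All figures
are constructed.
"""
from datetime import date


def daily_growth_bytes(snapshots):
    """Average growth per day from (date, bytes_in_use) observations,
    e.g. rotated log sizes or mailbox usage read off the server."""
    snaps = sorted(snapshots)
    if len(snaps) < 2:
        raise ValueError("need at least two snapshots")
    (d0, b0), (d1, b1) = snaps[0], snaps[-1]
    days = (d1 - d0).days
    if days <= 0:
        raise ValueError("snapshots must span at least one day")
    return (b1 - b0) / days


def check_retention(growth_per_day, retention_days, available_bytes, headroom=0.2):
    """Compare the space a retention period needs with the space available.

    headroom reserves a margin for bursts (e.g. a brute-force attack that
    inflates the login log). effective_retention_days is how long the data
    really survives before rotation or the quota forces deletion.
    """
    required = growth_per_day * retention_days * (1 + headroom)
    return {
        "required_bytes": required,
        "available_bytes": available_bytes,
        "shortfall_bytes": max(0.0, required - available_bytes),
        "effective_retention_days": available_bytes / growth_per_day,
        "ok": available_bytes >= required,
    }


# Constructed observations: a login-attempt log growing 200 MiB per day ...
LOG_SNAPSHOTS = [
    (date(2024, 1, 1), 1_048_576_000),
    (date(2024, 1, 11), 1_048_576_000 + 10 * 200 * 1024 * 1024),
]
LOG_GROWTH = daily_growth_bytes(LOG_SNAPSHOTS)  # 209715200.0 bytes/day
# ... on a 1.5 GiB log partition, with a one-year retention requirement.
LOG_CHECK = check_retention(LOG_GROWTH, 365, int(1.5 * 1024**3))

# Constructed mailbox: 5 MiB of new mail per day under a 20 MiB quota,
# where users are expected to file their mail within 30 days.
MAIL_CHECK = check_retention(5 * 1024**2, 30, 20 * 1024**2)

if __name__ == "__main__":
    for name, result in (("login log", LOG_CHECK), ("mailbox", MAIL_CHECK)):
        print(f"{name}: ok={result['ok']}, "
              f"covers {result['effective_retention_days']:.1f} days, "
              f"shortfall {result['shortfall_bytes'] / 1024**3:.2f} GiB")
```

The constructed log partition covers fewer than eight days at the observed growth rate, which is exactly the one-week retention the agency ended up with despite a one-year requirement; the same arithmetic, run when the quota or the retention period is decided rather than after an incident, shows the shortfall in advance.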