T 2.59 Operation of non-registered components

Normally, the system administrators should be familiar with all components of a network. On an organisational level, it must be ensured that new components are registered with and approved by the system administrators, e.g. by an automatic notification from the Purchasing Department or a corresponding request from the organisational unit that will operate the component.

Non-registered components are a security risk, since they are not covered by the organisation's in-house procedures and controls. On the one hand, this creates risks for the users of the non-registered component itself (e.g. loss of data, because the system is not included in the data backup scheme); on the other hand, it creates threats for the other components of the network, e.g. a non-registered access point may open a vulnerability if it is poorly protected, or not protected at all, against unauthorised access. Since such a component is not subject to the control of the network management and/or system management teams, a misconfiguration of the local system is particularly likely to go unnoticed and to result in a security gap.

Example:

The administrator uses the system management system to administer the passwords (community names) of the SNMP-based network management system in use. A work group purchases a new networked PC but forgets to register it with the central administration. The local SNMP daemon is therefore left with its default community name "public", which is publicly known. Attackers can now launch an SNMP-based attack, since they have full access to the SNMP data of this PC. The PC compromised in this way may serve as the starting point for further attacks on the internal network, for example by installing password sniffers.
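The following script is an added example and is not part of the catalogue text. It shows how little an attacker needs in the situation above: a single SNMPv1 GetRequest for sysDescr.0 with the community name "public" is enough to identify the unregistered PC, and the same request, run by the administrator against the address range and compared with the registered inventory, turns the threat into a check. The BER encoding is written out by hand using only the Python standard library; the host addresses, the inventory set and the sysDescr reply used in the usage note are constructed for illustration.

```python
"""SNMPv1 GET with a default community name, and an inventory check on the answers.
Added example; host addresses, inventory and the reply text are constructed, not real."""
import socket

SYS_DESCR = "1.3.6.1.2.1.1.1.0"              # sysDescr.0, answered by virtually every agent
DEFAULT_COMMUNITIES = ("public", "private")  # factory defaults, read and write respectively


# --- minimal BER encoder (only the types an SNMPv1 GET needs) ---------------
def _len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _len(len(body)) + body

def enc_int(v):                      # INTEGER, minimal two's-complement length
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def enc_octets(s):                   # OCTET STRING (community name, sysDescr text)
    return _tlv(0x04, s.encode() if isinstance(s, str) else s)

def enc_oid(dotted):                 # OBJECT IDENTIFIER, base-128 arcs after the first two
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        body.extend(reversed(chunk))
    return _tlv(0x06, bytes(body))

def build_msg(pdu_tag, community, request_id, oid, value=None):
    """SNMPv1 message: SEQUENCE { version 0, community, PDU { id, err, idx, varbinds } }."""
    value = b"\x05\x00" if value is None else value          # NULL value in a request
    varbind = _tlv(0x30, enc_oid(oid) + value)
    pdu = _tlv(pdu_tag, enc_int(request_id) + enc_int(0) + enc_int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, enc_int(0) + enc_octets(community) + pdu)

def build_get_request(community, oid=SYS_DESCR, request_id=1):
    return build_msg(0xA0, community, request_id, oid)       # 0xA0 = GetRequest-PDU


# --- minimal BER decoder for the GetResponse --------------------------------
def _read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(body):
    pos, out = 0, []
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        out.append((tag, val))
    return out

def parse_response(data):
    """Return (community, request_id, error_status, value) from a GetResponse message."""
    _tag, body, _ = _read_tlv(data)
    _version, community, pdu = _children(body)
    if pdu[0] != 0xA2:                                       # 0xA2 = GetResponse-PDU
        raise ValueError("not a GetResponse PDU")
    req_id, err, _idx, varbinds = _children(pdu[1])
    (_vb_tag, vb), = _children(varbinds[1])                  # single varbind in our request
    _oid, (vtag, vval) = _children(vb)
    value = vval.decode(errors="replace") if vtag == 0x04 else \
        int.from_bytes(vval, "big", signed=True) if vtag == 0x02 else vval
    return (community[1].decode(), int.from_bytes(req_id[1], "big", signed=True),
            int.from_bytes(err[1], "big", signed=True), value)


# --- probing and the inventory check ----------------------------------------
def probe(host, community="public", timeout=2.0):
    """One GET for sysDescr.0 over UDP/161; the sysDescr text, or None on no/failed answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_get_request(community), (host, 161))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    try:
        _c, _rid, err, value = parse_response(data)
    except (ValueError, IndexError):
        return None
    return value if err == 0 else None

def audit(findings, inventory):
    """findings: {host: community that answered, or None}. Returns the hosts that answer
    a default community name and are missing from the registered inventory."""
    return sorted(h for h, c in findings.items()
                  if c in DEFAULT_COMMUNITIES and h not in inventory)

def scan(hosts, inventory, communities=DEFAULT_COMMUNITIES):
    """Try each default community against each host, then audit against the inventory."""
    findings = {h: next((c for c in communities if probe(h, c) is not None), None)
                for h in hosts}
    return audit(findings, inventory)
```

Called as `scan(["10.0.0.5", "10.0.0.9"], {"10.0.0.5"})` (constructed addresses), the script reports 10.0.0.9 as an unregistered host answering to "public"; a host that does not answer at all is simply absent from the result, so the check complements, rather than replaces, the registration procedure described above. Run it only against networks you are authorised to audit, and note that SNMPv1 carries the community name in cleartext, which is exactly why a default one is so easily abused.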