T 2.125 Lack of, or inadequate, planning of access to the directory service
If system and data access rights for the directory service are assigned inadequately, or are administered with unsuitable tools, serious security gaps can arise quickly, for example through chaotically assigned rights. Administering system and data access rights is an extremely labour-intensive task; in extreme cases numerous work steps have to be performed manually, which leads to errors and to a loss of overview of what has actually been done.
In organisations that have no overview of all users set up on the various IT systems together with their rights profiles, this usually results in accounts that still exist for users who left the organisation long ago, and in users who accumulate far too many rights because their tasks keep changing and old rights are never withdrawn.
If the tools for administering system and data access rights were poorly chosen, they often lack the flexibility to follow changes in the organisational structure or migrations to other IT systems.
User roles may be separated improperly, which then results in security gaps, for example users assigned to the wrong user groups or granted rights that are too extensive. Users may hold roles that do not correspond to their tasks (too many or too few rights), or roles they must not hold because of the tasks they perform (role conflicts).
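The overview problems described above (orphaned accounts, leavers who are still enabled, accumulated rights, role conflicts) can be made visible by reconciling a directory export against the HR roster and the organisation's role model. The following script is an added example and not part of the threat catalogue; the account list, the HR roster, the role-to-group mapping and the separation-of-duty rule are all constructed stand-ins for a directory export, an HR feed and a role model.

```python
"""Reconcile directory accounts with an HR roster and a role model.

Added example for the access-review problem described above; it is not part
of the original threat catalogue. All data is constructed: ACCOUNTS stands in
for a directory export, HR_ROSTER for an HR feed and ROLE_GROUPS for the
organisation's role model.
"""
from dataclasses import dataclass, field


@dataclass
class Account:
    uid: str
    groups: set = field(default_factory=set)
    disabled: bool = False


# Constructed HR roster: uid -> (role, still employed?)
HR_ROSTER = {
    "alice": ("developer", True),
    "bob": ("finance", True),
    "carol": ("developer", False),   # left the organisation
    "dave": ("finance", True),
}

# Constructed role model: the groups a role is expected to hold, no more
ROLE_GROUPS = {
    "developer": {"git-users", "ci-runners"},
    "finance": {"erp-users", "payment-approvers"},
    "accounts-payable": {"erp-users", "payment-creators"},
}

# Constructed separation-of-duty rule: nobody may hold both groups at once
SOD_CONFLICTS = [{"payment-approvers", "payment-creators"}]

# Constructed directory export
ACCOUNTS = [
    Account("alice", {"git-users", "ci-runners"}),
    Account("bob", {"erp-users", "payment-approvers", "payment-creators"}),
    Account("carol", {"git-users"}),        # leaver, account still enabled
    Account("dave", {"erp-users"}),         # finance user lacking approver group
    Account("erin", {"git-users"}),         # no HR record at all
]


def review(accounts, roster, role_groups, sod_conflicts):
    """Return one finding dict per problem: uid, kind and a short detail."""
    findings = []
    for acct in accounts:
        entry = roster.get(acct.uid)
        if entry is None:
            # Account without an owner in HR: nobody is accountable for it
            findings.append({"uid": acct.uid, "kind": "orphan",
                             "detail": "no HR record"})
            continue
        role, employed = entry
        if not employed and not acct.disabled:
            findings.append({"uid": acct.uid, "kind": "leaver",
                             "detail": "account still enabled"})
        expected = role_groups.get(role, set())
        excess = acct.groups - expected       # rights beyond the role
        missing = expected - acct.groups      # rights the role needs
        if excess:
            findings.append({"uid": acct.uid, "kind": "excess-rights",
                             "detail": ",".join(sorted(excess))})
        if missing and employed:              # leavers should lose rights anyway
            findings.append({"uid": acct.uid, "kind": "missing-rights",
                             "detail": ",".join(sorted(missing))})
        for conflict in sod_conflicts:
            if conflict <= acct.groups:       # holds every group of the conflict
                findings.append({"uid": acct.uid, "kind": "role-conflict",
                                 "detail": ",".join(sorted(conflict))})
    return findings


if __name__ == "__main__":
    for f in review(ACCOUNTS, HR_ROSTER, ROLE_GROUPS, SOD_CONFLICTS):
        print(f"{f['uid']:<8} {f['kind']:<15} {f['detail']}")
```

Run against a real directory, the export would come from an LDAP search over the user subtree and the roster from the HR system; the reconciliation logic stays the same. Gating `missing-rights` on `employed` is deliberate: a leaver whose rights are incomplete should be disabled, not topped up.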
Users often access the directory service over an LDAP interface, a widely used Internet standard. Such access requires detailed planning, in particular of the directory service rights that applications need in order to work as intended. The planning of LDAP access therefore depends primarily on the operational scenario of the directory service.
Inadequate planning of whether any data, and if so which data (for example user passwords), may be transmitted in plain text can lead to inconsistencies or contradictions with the organisation's internal security policy. Incorrect planning of the safeguards and security technologies used to protect the confidential data of the directory service can lead to incompatibilities or even to failure of the encryption component.
If the directory service lacks a root certificate, or if the certificate chain cannot be verified, mutual authentication between clients and the directory service is not possible.
Because LDAP access to the directory service offers a large number of configuration options, it is easy to create a faulty configuration, which can result in the following threats:
- access to the directory service without authorisation,
- errors in the assignment of access rights,
- eavesdropping on information sent in plain text,
- transmission of unencrypted user passwords,
- inadequate availability of the overall system, and
- errors in LDAP accesses, especially from network-based applications.
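Several of the LDAP planning points above (plain-text transmission of passwords, a missing root certificate, an unverifiable certificate chain, missing client credentials for mutual authentication) show up directly in the LDAP client configuration. The following audit script is an added example and not part of the threat catalogue. It parses an OpenLDAP-style ldap.conf; the directive names (URI, TLS_CACERT, TLS_CACERTDIR, TLS_REQCERT, TLS_CERT, TLS_KEY) are the standard OpenLDAP client directives, while the two configurations and the finding codes are constructed for the example.

```python
"""Audit an OpenLDAP-style ldap.conf for plaintext and certificate-chain risks.

Added example for the LDAP planning points above; it is not part of the
original threat catalogue. Both configurations below are constructed. The
directive names are the standard OpenLDAP client directives; the finding
codes (PLAINTEXT, NO_CA, ...) are this example's own.
"""


def parse_ldap_conf(text):
    """Parse 'DIRECTIVE value' lines; directive names are case-insensitive,
    lines starting with '#' are comments. Repeated directives are kept in order."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].upper()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def audit_ldap_conf(text, starttls_enforced=False, require_client_cert=False):
    """Return a list of (code, message) findings.

    starttls_enforced: the client always upgrades ldap:// with StartTLS
    (for example ldapsearch -ZZ); ldap.conf itself cannot express that.
    require_client_cert: the directory expects TLS client certificates
    (mutual authentication), so TLS_CERT/TLS_KEY must be present.
    """
    conf = parse_ldap_conf(text)
    findings = []

    uris = [u for value in conf.get("URI", []) for u in value.split()]
    if not uris:
        findings.append(("NO_URI", "no URI configured"))
    for uri in uris:
        scheme = uri.split(":", 1)[0].lower()
        # ldaps:// is TLS from the start, ldapi:// is a local Unix socket;
        # plain ldap:// without a forced StartTLS upgrade is the risk
        if scheme == "ldap" and not starttls_enforced:
            findings.append(("PLAINTEXT",
                             f"{uri}: simple binds would send passwords in plain text"))

    if "TLS_CACERT" not in conf and "TLS_CACERTDIR" not in conf:
        findings.append(("NO_CA",
                         "no TLS_CACERT/TLS_CACERTDIR: the server's certificate "
                         "chain cannot be verified"))

    # OpenLDAP's default for TLS_REQCERT is demand; the last occurrence wins
    reqcert = conf.get("TLS_REQCERT", ["demand"])[-1].lower()
    if reqcert not in ("demand", "hard"):
        findings.append(("WEAK_REQCERT",
                         f"TLS_REQCERT {reqcert}: an unverifiable chain is accepted"))

    if require_client_cert and ("TLS_CERT" not in conf or "TLS_KEY" not in conf):
        findings.append(("NO_CLIENT_CERT",
                         "TLS_CERT/TLS_KEY missing: no client certificate "
                         "for mutual authentication"))
    return findings


# Constructed configurations for the example
WEAK_CONF = """\
# plaintext URI, no CA, certificate verification switched off
URI     ldap://dir.example.org
BASE    dc=example,dc=org
TLS_REQCERT never
"""

HARDENED_CONF = """\
URI     ldaps://dir.example.org
BASE    dc=example,dc=org
TLS_CACERT  /etc/ssl/certs/org-root-ca.pem
TLS_REQCERT demand
TLS_CERT    /etc/ldap/client.pem
TLS_KEY     /etc/ldap/client.key
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ldap_conf(text, require_client_cert=True) or "OK")
```

Whether StartTLS is actually enforced is a property of the client or application, not of ldap.conf, which is why it is passed in as a flag: a configuration that looks harmless because every client is expected to upgrade with StartTLS silently becomes a plain-text password leak the moment one application does not.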