T 3.9 Improper IT system administration
Improper IT system administration can place the security of an IT system at risk when it results in the disregarding or bypassing of security safeguards.
An example of improper administration is when network access capabilities are created (or not disabled) that are not necessary for the proper operation of the IT systems or that represent a particularly serious threat due to their tendency to contain errors.
A problem frequently encountered is that the user names used to work on the IT system are granted more privileges than are absolutely necessary for the tasks at hand. If a computer becomes infected with a computer virus or a Trojan horse in this case and the user works with administrator rights, there may be wide-ranging consequences since the malware will also run with administrator rights.
Incorrectly installing new or existing software can create security problems. It is very uncommon for standard installations of operating systems or system programs to offer all the features required for a secure configuration. Modifications made to meet the actual security requirements can themselves pose a considerable risk if they are performed improperly. The danger of configuration errors is especially serious in complex security systems such as RACF under z/OS, where many system functions influence one another.
Special attention must be paid to systems that, when poorly administrated, could affect the protection of other systems (e.g. routers and security gateways).
Every modification to the security settings and every extension of access rights constitutes a potential threat to the overall security.
Examples:
- When user IDs that are no longer needed are not deactivated, it is common for no one to take care of their privileges and contents. If an attacker is able to gain access to an unused user account, they may be able to access internal information and applications using this account.
- Other examples of incorrect administration are the failure to use logging capabilities or to analyse existing log files, granting access rights too generously and then failing to review the access rights at regular intervals, multiple assignment of the same login name or UID, and the failure to use the security tools available, e.g. failure to use the shadow file for passwords in Unix.
- The effectiveness of a password decreases as it gets older. The reason for this is that the probability of a successful attack increases steadily over time.
- In a z/OS system, the user files were protected using RACF profiles via Universal Access so that no one was able to access them unchecked (UACC=NONE). Due to carelessness on the part of the administrator, an entry in the Conditional Access List of the profile granted READ access to all IDs (* entry). As a result, every user in the system could see the files via the Conditional Access List even though UACC=NONE was specified.