T 5.16 Threat during maintenance/administration work
An IT system can be manipulated in any manner while maintenance work is being performed. The primary risk in this case is that the owner is often unable to immediately detect and track down the modifications made. Furthermore, both external and internal maintenance technicians usually have full access to all of the data stored on the IT systems being serviced.
External maintenance technicians could attempt to obtain internal information without authorisation or install back doors so that they have access to the IT systems at all times.
Internal personnel could attempt, for their own advantage or as a favour to colleagues, to change authorisations (such as authorisation to make foreign telephone calls or to access Internet services) or enable additional features while performing maintenance or administration work. This can cause system crashes or open additional security gaps due to configuration errors when the person making the changes lacks the proper skills and knowledge.
In addition, the maintenance personnel often have full access (read and write access) to the data stored on the IT systems being serviced. Even when access is restricted to certain storage areas or to certain times, there is still enough leeway to access the data stored and possibly manipulate this data or give it to third parties without authorisation.
Temporarily disabling or manually changing the settings of control or alarm units while performing maintenance is potentially very risky. This also applies to the alarm and control systems as a whole.
Examples:
- A recently hired temporary worker, who was assigned the task of locking any accounts that were no longer in use, exploited the extensive privileges to download copyrighted software from the central application server for private use. He also used the CD-ROM/DVD writer and data media in the office to make copies of the program to distribute to his friends.
- As a favour, a colleague was granted exclusive access to their Internet provider via ISDN so that she could carry out her private home banking transactions from the office. While downloading a screen saver for Easter from the Internet, she infected her PC with a virus. Since the computer was connected to the internal network, the virus spread very quickly. The corporate network was down for several hours until the problem was eliminated.
- Burglar alarm systems often have an integrated log printer. Time and time again, such burglar alarm systems are switched off as a "precaution" before the log printer is reloaded with paper. When the system is switched back on again, though, there is a risk that it will not start properly and will malfunction as a result.