T 5.133 Unauthorized use of web-based administration tools
Administration using browser-based tools has become increasingly important. One of the decisive advantages for the personnel responsible for technical matters is independence from
- the operating system platform of the IT system to be administered, and
- the location of the IT system to be administered.
One thing all such tools have in common is that they handle critical login data. They rely on the standardised authentication methods commonly used on the Internet to ensure that only authorised technical personnel gain access to the critical local systems. Many administration tools also have their own additional authentication mechanisms or use local authentication and security mechanisms, not all of which are standardised. There is therefore a threat of the computer being compromised by unauthorised users.
A high risk is posed when the security policy for authentication in the network or its implementation in the information system under consideration is undermined by unsuitable authentication procedures for web-based administration tools. The most common causes for this are:
- selection of the wrong or outdated authentication methods because the particular tool does not support stronger authentication or because other participating IT systems (e.g. security gateways) do not support the favoured protocol.
- unsuitable implementation or use of web-based authentication in the local authentication system.
A threat can arise, for example, when the Windows Internet Information Service (IIS) component is activated for the purpose of using web-based administration tools without configuring IIS according to the recommendations. A threat could then be posed when only weak authentication procedures are activated in the standard configuration. It must be pointed out that poor configuration of any web-based administration solution available on the market poses a great risk.
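As an added illustration of the IIS case above (this script is not part of the BSI catalogue), the following audit lists, for every IIS site, which authentication methods are enabled and whether an HTTPS binding exists, so that a weak standard configuration on a host running web-based administration tools can be spotted before it is exposed. It assumes the WebAdministration module (IIS 7 or later) and local administrative rights; the finding texts are the author's own classification, not BSI wording.

```powershell
# Added audit example (not from the BSI catalogue). Assumes the IIS
# WebAdministration module is available and the script runs with admin rights.
Import-Module WebAdministration

# Configuration sections for the built-in IIS authentication modules.
$authMethods = @{
    anonymous = '/system.webServer/security/authentication/anonymousAuthentication'
    basic     = '/system.webServer/security/authentication/basicAuthentication'
    digest    = '/system.webServer/security/authentication/digestAuthentication'
    windows   = '/system.webServer/security/authentication/windowsAuthentication'
}

foreach ($site in Get-Website) {
    $psPath  = "IIS:\Sites\$($site.Name)"
    $enabled = @()
    foreach ($m in $authMethods.GetEnumerator()) {
        # Read the effective 'enabled' attribute of each authentication section.
        $v = Get-WebConfigurationProperty -PSPath $psPath -Filter $m.Value -Name enabled
        if ($v.Value -eq $true) { $enabled += $m.Key }
    }

    # Any https binding on the site counts as transport protection for credentials.
    $hasTls = [bool](Get-WebBinding -Name $site.Name | Where-Object { $_.protocol -eq 'https' })

    # Classify the combinations that leave an administration interface weakly protected.
    $findings = @()
    if ($enabled.Count -eq 0)          { $findings += 'no authentication method enabled' }
    if ($enabled -contains 'anonymous') { $findings += 'anonymous access enabled' }
    if ($enabled -contains 'basic' -and -not $hasTls) {
        $findings += 'Basic authentication (credentials sent in cleartext) without HTTPS binding'
    }
    if (-not $hasTls)                   { $findings += 'no HTTPS binding' }

    [pscustomobject]@{
        Site     = $site.Name
        AuthMode = ($enabled -join ',')
        HTTPS    = $hasTls
        Findings = ($findings -join '; ')
    }
}
```

Run it on the administration host after enabling IIS and compare the Findings column against the authentication policy of the network; an empty Findings column means none of the listed weak combinations was detected, not that the configuration is complete.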