IT Baseline Protection Manual T 2.64 Lack of or defective rules for the RAS system
If no rules or only inadequate ones have been set for the RAS system, this constitutes a considerable threat to the system as a whole. As a RAS system is composed of a number of components, the first set of threats comes from the "Organisational shortcomings" area of the various individual components, as set forth in the relevant module descriptions.
In the RAS environment, the threats outlined below deserve special mention.
A RAS system should not be allowed to "grow organically". Instead, use of RAS access should be preceded by careful planning, irrespective of how complex access is designed to be. Experience shows that, especially where RAS access is continually extended, complex hardware and software scenarios can arise which can then no longer be kept under control. This can result in security settings that are incorrectly selected, incompatible with each other or which cancel each other out.
In the absence of a universal and binding security policy, it is usually left to individual administrators and RAS users to make the security settings which seem appropriate to them. This can result in incompatible security settings which either prevent connections from being established or else allow insecure connections to be established. But since in many cases IT systems which are linked up via RAS have the same access possibilities as IT systems which are actually on the LAN, one result may be that the security of the LAN is compromised.
The security of a RAS system is based on the interaction of the physical components (computers, network switching elements), their connection structure (distribution over the network, connection topology) and the configurations of the relevant software components. The rules specified in the RAS security concept and their implementation through corresponding configuration settings can, however, only deliver the required security if the system that is actually installed matches the planned system. In practice, changes are often made to the physical design during the installation phase, for example due to a lack of detailed information during the planning phase. If these changes are not recorded, documented and analysed for possible effects on IT security, then the security of the LAN can be endangered through incompatibilities between the system structure and the configuration of the RAS system.
If no rules or only inadequate ones have been set for the use of RAS, this constitutes a special threat. RAS users generally act on their own initiative when using RAS. If there are no dedicated rules on the use of RAS or if the users do not know about them, then security weaknesses can be created unknowingly by the user. Rules whose adherence is the sole responsibility of the individual user may not always be adhered to in their entirety, for example due to a lack of technical understanding.
Examples
Incompatible security settings. The RAS system administrator only allows triple-DES encrypted connections, but a user has not configured any encryption for the RAS client. A connection is therefore not established.
Installation which deviates from plan. Due to incompatible links between RAS server and the interface with the telecommunications provider (e.g. ISDN terminal device connection linked to ISDN system connection) or inappropriate cable arrangement, a decision is made during installation of the RAS system to install an additional small ISDN PBX which offers compatible connections to both sides. As this additional device was not included in the plan, it gets left out of the RAS security concept. When a RAS connection is established it is now possible, for example, to access the device for remote maintenance using a procedure that is protected only with a standard password.
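Both examples can be caught by comparing the documented plan with the system as installed. The following Python code is an added illustration, not part of the manual; the component names, cipher labels and record fields are constructed for the example.

```python
# Added illustration: all names, cipher labels and fields below are constructed.
WEAK = {"none"}  # assumption: an unencrypted link counts as insecure

def negotiate(server_allowed, client_offered):
    """Outcome for one client against the server policy: refused, insecure or ok."""
    common = set(server_allowed) & set(client_offered)
    if not common:
        return "refused"   # incompatible settings: no connection is established
    if common <= WEAK:
        return "insecure"  # the only shared option is an unprotected one
    return "ok"

def audit(plan, installed):
    """Compare the RAS security concept (plan) with the installed system."""
    findings = []
    planned = set(plan["components"])
    for name, info in installed["components"].items():
        if name not in planned:
            # An unplanned device with default-password remote maintenance is the worst case.
            exposed = info.get("remote_maintenance") and info.get("default_password")
            findings.append(("high" if exposed else "medium", name,
                             "not covered by the RAS security concept"))
    for name in sorted(planned - set(installed["components"])):
        findings.append(("medium", name, "planned but not installed"))
    for user, offered in installed["clients"].items():
        outcome = negotiate(plan["server_allowed"], offered)
        if outcome != "ok":
            severity = "high" if outcome == "insecure" else "low"
            findings.append((severity, user, f"connection {outcome}"))
    return findings

# Constructed sample data mirroring the two examples above.
PLAN = {"components": ["ras-server", "isdn-adapter"], "server_allowed": ["3des"]}
INSTALLED = {
    "components": {
        "ras-server": {},
        "isdn-adapter": {},
        "isdn-pbx": {"remote_maintenance": True, "default_password": True},
    },
    "clients": {"alice": ["3des"], "bob": ["none"]},
}

if __name__ == "__main__":
    for severity, subject, message in audit(PLAN, INSTALLED):
        print(f"[{severity}] {subject}: {message}")
```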