IT Baseline Protection Manual T 3.9 Improper IT system administration

T 3.9 Improper IT system administration

Improper IT system administration involving negligence or ignorance of IT security measures jeopardises the security of the system.

Improper administration exists, for example, when network access points (daemon processes) that are not necessary for the regular operation of the IT system, or that represent a particularly great threat because they are error-prone, are created or left enabled.

Examples:

In addition to the instances mentioned under T 3.8 Improper use of the IT system, the system administrator may create threats due to the incorrect installation of new or existing software. Other instances of incorrect management are when no use is made of auditing functions, or existing log files are not analysed; when access rights are granted too generously and not checked at certain intervals; when login names or UIDs are set up more than once; or when existing security tools are not used, for instance, failure to use a shadow file for passwords under Unix.
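Two of the lapses named above, login names or UIDs set up more than once and passwords kept outside a shadow file, can be checked mechanically. The following is an added example, not part of the manual; the function name `audit_passwd` and the sample entries are constructed for illustration, and it assumes the common convention that `x` in the password field means the hash lives in the shadow file.

```python
from collections import defaultdict

# Constructed sample in /etc/passwd format (not from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:second uid 0:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
alice:x:1001:1001:Alice again:/home/alice2:/bin/sh
bob:ab01FAX.bQRSU:1002:1002:Bob:/home/bob:/bin/sh
guest::1003:1003:Guest:/home/guest:/bin/sh
daemon:*:1:1:daemon:/:/usr/sbin/nologin
# comment line
broken:line
"""

LOCKED = ("*", "!")  # markers meaning "no valid password stored here"

def audit_passwd(text):
    """Return findings for duplicate names/UIDs and unshadowed passwords."""
    by_name, by_uid = defaultdict(list), defaultdict(list)
    findings = {"duplicate_names": {}, "duplicate_uids": {},
                "unshadowed": [], "empty_password": [], "malformed": []}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            findings["malformed"].append(lineno)
            continue
        name, pw, uid = fields[0], fields[1], int(fields[2])
        by_name[name].append(lineno)   # line numbers where the name occurs
        by_uid[uid].append(name)       # names sharing this UID
        if pw == "":
            findings["empty_password"].append(name)
        elif pw != "x" and not pw.startswith(LOCKED):
            # A hash stored directly in the world-readable passwd file.
            findings["unshadowed"].append(name)
    findings["duplicate_names"] = {n: l for n, l in by_name.items() if len(l) > 1}
    findings["duplicate_uids"] = {u: n for u, n in by_uid.items() if len(n) > 1}
    return findings

if __name__ == "__main__":
    for kind, value in audit_passwd(SAMPLE_PASSWD).items():
        print(f"{kind}: {value}")
```

Running the same function at regular intervals against the real password file gives the periodic check the text asks for.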


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
 