IT Baseline Protection Manual T 3.28 Inadequate configuration of active network components
T 3.28 Inadequate configuration of active network components
Throughan inadequate configuration of the network components, the availability of the entire network or segments of it, or the confidentiality of information and the integrity of data can be impaired. The following types of incorrect configuration need to be distinguished in particular:
Active network components used for building VLANs (virtual LANs) implement a logical segmentation of the network. An incorrect configuration could lead to the breakdown of communications within a VLAN, between individual VLANs or even between all of them. Depending on the VLAN strategy employed by the manufacturer in question, this influences the allocation of mutually communicating systems to identical VLANs, and also VLAN routing, if this is supported by the active network components.
Example:In case of VLANs which can only communicate with each other via routers, the central infrastructure servers which provide file and printing services, for example, are not allocated also to the VLANs of the workstation systems. In addition to this no routers are connected. In this situation some of the workstation systems can no longer use the services of the central infrastructure servers, as these servers are located within an inaccessible subnetwork.
A network can be divided into subnetworks through the use of routers. These routers must be configured appropriately to allow communications between the subnetworks, i.e. the routers have to keep routes between individual subnetworks in routing tables. Routing tables can be managed statically or dynamically. In both cases, any communication between individual subnetworks will not be possible, if the routing tables do not specify a route between these subnetworks. A misconfiguration can be caused by an incorrect definition of static routing tables or by an incorrect configuration of the routing protocols (for example RIP or OSPF) used for an automatic update of dynamic routing tables.
Example:A router-to-router connection is configured by static entries of the IP addresses in the corresponding routing tables. This communication line will become no longer available, if there is a change in the IP address of one of these routers, or an additional router is inserted.
Active network components capable of filtering protocols and network addresses can prevent communications based on certain protocols or communications between systems having certain network addresses with this technique. Incorrect configuration of the respective filters in use can result in an undesired communications breakdown, depending on the type of incorrectly configured filters and the type of incorrect configuration.
Filters configured incorrectly can also result in an establishment of connections allowing the infiltration of IT systems within the protected network. Depending on the nature of the infiltration, this might impair the availability of individual network components or even the entire network. Furthermore, a manipulation of the connecting path may lead to a re-routing, to modifications, or to a monitoring of the data packets.
Examples:
A multiport repeater is configured in such a way that only systems with particular MAC addresses can be connected to certain ports. After the replacement of a network card on one of the stations and the resulting change in the MAC address, this system can no longer be connected to the network (loss of availability).
An unsuitable configuration for active network components (particularly for VLANs or filtering rules) can expand broadcast-domains to an unnecessarily large extent and give rise to superfluous network connections. This could allow confidential data to be viewed by unauthorised parties.