T 3.40 Inappropriate use of authentication services with remote access

The RAS user's identity must be determined during logon. This typically entails the use of authentication mechanisms which are based on user administration facilities involving the storage of authentication data. RAS systems offer several options for the storage of user data: separate user administration facilities, use of the user administration facilities of the operating system, use of authentication servers (with separate user administration). If different user administration systems are used for RAS and the operating system, it is possible if there are lapses in organisational processes for inconsistencies to come about in the two sets of data. This can lead to the establishment of connections which are not permitted and to unauthorised data access. Separate administration is therefore not recommended.

Example

• When an employee leaves the organisation, his user account is not deleted in the RAS user administration software. The former employee can therefore continue to dial in via RAS access and access all generally accessible data. Access can also be used to initiate other attacks.

Many client components for remote access allow the data necessary for authentication to be locally stored after it has been entered once so that when further connections are subsequently established it is no longer necessary for the user to enter the data. However, this procedure can be dangerous if the RAS client is subject to unauthorised access. The authentication mechanism can then no longer perform its intended role. As a result, unauthorised persons may be able to access the local network which can be accessed over a RAS link from the client concerned, thus endangering the security of these local network. Storage of keys for data encryption or digital signatures on the RAS client carries a similar risk.