T 5.86 Manipulation of management parameters

Management systems can also be used for an attack on a local computer system by deliberately causing incorrect configuration. The incorrect configuration can be caused in various ways. In the process, it is possible to manipulate both the management platform and the equipment it controls. Network management systems which use SNMP are particularly susceptible to attacks in which management parameters are deliberately configured incorrectly (e.g. through the perpetrator's own SNMP client). Depending on which parameters can be adjusted, the attacks range from simple "denial-of-service attacks" (e.g. by altering IP addresses) to data manipulation (e.g. following the alteration of access rights).

If network components are controlled through a management system, then all configuration parameters controlled by the management system should only be changed through the management system. Depending on the management system, however, it is also possible to change the configuration parameters of the components locally. If a PC is controlled through a network management system, e.g. via SNMP, then local users can alter the settings with a local SNMP client program (if they know the SNMP password) or using a local operational control (e.g. on a printer). This may just lead to inconsistencies in the network management system, but could even be deliberately used to cause gaps in the security. For example, it could later be made possible for a Windows NT computer to query records released via SNMP and the network.