G 0.23 Unauthorized Access to IT Systems
In principle, every interface of an IT system offers not only the possibility of legitimately using certain services of the IT system, but also carries the risk of unauthorized access to the IT system via that interface.
Examples:
- If access credentials are obtained by eavesdropping, unauthorized use of the applications or IT systems protected by them is conceivable.
- Through insufficiently secured remote maintenance access, attackers could gain unauthorized access to IT systems.
- If interfaces of active network components are insufficiently secured, it is conceivable that attackers could gain unauthorized access to the network component. If they also manage to overcome the local security mechanisms, for example by obtaining administrative privileges, they could perform all administrative tasks.
- Many IT systems have interfaces for the use of removable data storage, such as additional storage cards or USB storage media. On an unattended IT system with the corresponding hardware and software, there is a risk that large quantities of data could be read out without authorization or that malware could be introduced.