Potential threat scenarios – BECKHOFF IPC-Security User Manual

Page 27

Advertising
background image

Software

Category

Description

Microsoft Windows XP

System software

Operating System

Microsoft Windows 7

System software

Operating System

Microsoft Windows Embedded

System software

Operating System

Microsoft Windows CE

System software

Operating system

Windows Update client

Update software

Used to receive Windows Up-
dates from a central Windows
Update Server

Windows Update server

Update software

Used to distribute Windows Up-
dates from a central location to
network clients

Internet Information Service

Webserver software

Default HTTP and FTP server
in Microsoft Windows operating
systems

Remote Desktop

Maintenance software

Default

remote

maintenance

software distributed in Microsoft
Windows

operating

systems

(not Windows CE)

CerHost

Maintenance software

Default

remote

maintenance

software distributed in Windows
CE

5.1.3. Potential threat scenarios

The following chapter gives a short overview about possible threat scenarios, which may or may not be rep-
resentative in your environment. Please take the following chapters as a means to gain a better awareness
for this scenario.

5.1.3.1. Manipulated websites

By directing a user to access a manipulated and untrusted website, an attacker could either fool the user to
disclose sensitive information, e.g. passwords, or use a vulerability of the web browser to remotely access
the operating system.

Due to this, an attacker could gain access to the system with the same privileges asthe user.

5.1.3.2. Man-in-the middle attacks

By intercepting network communiations using a non-secure network protocol, an attacker could expose
himself as a trusted source for all participants and as such manipulate or read all transferred information.

5.1.3.3. Open network ports

By scanning the network for open network ports, an attacker could use network services that have been
unnecessarily activated because they have no use in the specific system.

Due to this, an attacker may use those services to trigger unwanted events.

IPC Security

27

Advertising
Popular Brands
Popular manuals