Impersonating a User

Next: Disclosure of Information Up: Security Threats Previous: Denial of Service

Impersonating a User

The threat of impersonating a user, also known as masquerade, is an attempt to gain unauthorized access or greater privilege to a system, by posing as an authorized user. Examples of masquerade are using stolen logon ids and passwords, bypassing the authentication mechanism, and using security holes in programs. An example of a vulnerability that is likely to lead to masquerade is the use of weak authentication methods. Impacts on the PSN caused by threat of impersonating a user include the full range of impacts to NS/EP telecommunications described in section . Examples of potential impacts on the PSN include the deletion, disclosure, or modification of system software and data, and the deletion, disclosure, or modification of data that enables changes in routing information or reconfiguration of the network. An example of modification of system software is the re-programming of network element software to insert malicious code to steal passwords.

The threat of masquerade can occur from:

• Locally connected users;
• Outside users accessing network elements from the public network;
• Compromised administrator accounts that are configured for direct and remote access; and
• Use of dial-in modems;