Without suitable site, system and data control mechanisms, it is virtually impossible to
prevent or detect the unauthorised use of devices and systems. For IT systems, the general
mechanism is the identification and authentication of users. However, even in IT systems that
use a strong identification and authentication function, unauthorised use is possible if the
corresponding security features (passwords, chip cards, tokens etc.) fall into the wrong hands.
Many errors can also be made when assigning, managing and updating authorisations, for
example if authorisations are assigned too extensively, are assigned to unauthorised persons,
or are not updated in a timely manner.
By using devices and systems without authorisation, unauthorised persons may obtain
confidential information, carry out manipulations or cause disruptions.
A particularly important special case of unauthorised use is unauthorised administration.
When unauthorised persons change the configuration or the operating parameters of
hardware or software components, this may result in serious damage.
Example:
• When checking the log data, a network administrator detected initially inexplicable
events, which occurred on different days, but often in the early morning and in the
afternoon. On closer examination, it transpired that a WLAN router was configured
insecurely. People waiting at the bus stop in front of the company building had been
using this access to surf the Internet using their portable terminal devices while waiting
for the bus.
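
The log review from the example above can be sketched as follows. This is an added illustration, not part of the original text: it flags associations from devices missing from the inventory and reports the hours of day in which they recur on several days. The log format, the access point name, the MAC addresses and the inventory are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a hypothetical access-point association log format.
SAMPLE_LOG = """\
2024-03-04 07:12:41 ap01 assoc mac=02:00:00:aa:00:01
2024-03-04 09:03:10 ap01 assoc mac=02:00:00:00:10:01
2024-03-04 16:48:05 ap01 assoc mac=02:00:00:aa:00:02
2024-03-05 07:09:33 ap01 assoc mac=02:00:00:aa:00:03
2024-03-05 11:30:00 ap01 assoc mac=02:00:00:00:10:02
2024-03-05 16:51:19 ap01 assoc mac=02:00:00:aa:00:01
2024-03-06 07:15:02 ap01 assoc mac=02:00:00:aa:00:04
2024-03-06 13:20:44 ap01 assoc mac=02:00:00:aa:00:05
"""

# Assumed inventory of company-managed devices (constructed values).
KNOWN_DEVICES = {"02:00:00:00:10:01", "02:00:00:00:10:02"}

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ assoc mac=([0-9a-f:]{17})$"
)

def unknown_associations(log_text, known):
    """Return (timestamp, mac) for every association by a device not in the inventory."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not association events
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        mac = m.group(2)
        if mac not in known:
            hits.append((ts, mac))
    return hits

def recurring_hours(hits, min_days=2):
    """Map hour-of-day -> sorted distinct dates, for hours seen on at least min_days days."""
    days_by_hour = defaultdict(set)
    for ts, _mac in hits:
        days_by_hour[ts.hour].add(ts.date().isoformat())
    return {h: sorted(d) for h, d in sorted(days_by_hour.items()) if len(d) >= min_days}

if __name__ == "__main__":
    hits = unknown_associations(SAMPLE_LOG, KNOWN_DEVICES)
    for hour, days in recurring_hours(hits).items():
        print(f"{hour:02d}:00-{hour:02d}:59 unknown devices on {len(days)} days: {days}")
```

Grouping by hour of day across distinct dates, rather than by device, is what surfaces the pattern here: the individual devices change from day to day, but the time windows repeat.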