In general, each interface on an IT system not only provides the opportunity to use certain
services of the IT system in an authorised manner, but also carries the risk of the IT system
being accessed via these interfaces without authorisation.
Examples:
• If a user ID and the corresponding password are disclosed to an unauthorised party,
the applications or IT systems protected with these security mechanisms could be
used in an unauthorised manner.
• Via inadequately secured remote maintenance access, hackers could access IT
systems without authorisation.
• If the interfaces of active network components are inadequately secured, attackers
could gain unauthorised access to the network component. If they also succeed in
overcoming local security mechanisms, for example by gaining access to
administrative authorisations, they could carry out all administration activities.
• Many IT systems provide interfaces for the use of exchangeable data storage devices,
for example extended memory cards or USB storage media. When an IT system with
the corresponding hardware and software is not supervised, there is a risk that large
amounts of data could be read without authorisation or malware could be injected.