Threat CC.C.CCCSCSoAC.3

URI: CC.C.CCCSCSoAC.3

Package: ProcessComms


Description: Communications intercepted between Client and Service: if a network communication path used by Client and Service is subject to snooping, then communications between Client and Service can be intercepted.

Threat Type: Primary Threat

Matching Pattern:

CC.C.CCCSCSoAC.3
MP-CCCSCSoAC

Finds a Client and Service connected via a Client Channel, also connected by a Service Channel, plus any indirect Auth Channels that depend on this Client Channel (which may be none). The presence of the Service Channel means the first Client Channel is a direct connection (not via intermediaries) involving communication over a network (not via a local API or sockets).

CSG-ClientServiceTLS

Transport layer security is implemented by both Client and Service for communication between them. This prevents passive snooping in the network, including at gateway devices, but it does not prevent service impersonation attacks. Those can be prevented by also using service authentication via a trusted key (e.g. X.509 or equivalent).

CSG-SuspendInsecureServiceChannel

Firewall rules that normally allow access from client Client to service Service may be temporarily switched off by manager HostManager of the service host SHost if the network path is subject to snooping. This strategy represents a contingency plan, which can be used to reduce risk from some threats, but it also triggers other threats representing possible side effects, depending on how likely it is that the contingency plan will need to be activated.

CSG-SuspendInsecureServiceChannel-Implementation-Runtime

Firewall rules that normally allow access from client Client to service Service have been switched off by manager HostManager of the service host SHost to prevent snooping. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To activate it at runtime, user HostManager who is responsible for managing SHost should arrange for firewall policies to be switched off. The Disable Service Channel control should be deselected only when access is enabled again.