Threat H.L.CHS-iP.3.1

URI: H.L.CHS-iP.3.1

Description: Console access to unprotected guest account on host Host in Space: an attacker with access to the physical space Space where the device is located uses console access to log in to a guest account.

Threat Type: Primary Threat

Matching Pattern:

MP-CHS-iP

Finds a Console Host located in a Space, with associated access contexts and optionally an interactive user and system manager, where the device is not a personal device.

(empty)

H.L.HmAC.0

Access to Host in all contexts by unauthorized agents: if untrustworthy actors gain access to a host, the best case trustworthiness of its users in any context is degraded.

H.L.HsAC.0

Access to Host in any context by an unauthorized agent: if an untrustworthy actor gains access to a host, the worst case trustworthiness of its users in any context is degraded.

(empty)

CSG-IgnorePhysicalThreatsFromWorld

Indicates that threats from as well as to the space Space can be ignored, i.e. that the risk model intentionally does not consider physical attacks from Space. This is only permitted if Space is the inferred global public space (the World) used when no locations are asserted in the model. This control strategy is a way to specify that physical security is out of scope for devices with no explicitly specified location(s), i.e. that they are considered physically secure.

CSG-SecureHostConfig

Device Host is configured securely: passwords or other authentication are set up including resetting default passwords for all user and administrator accounts, auto-run features disabled to prevent execution without user authorisation for files from removable storage or from the internet, and unnecessary software and especially network accessible services removed or disabled.

Threat H.L.CHS-iP.3.1

MP-CHS-iP

Triggered by Threat (0)

Triggers Secondary Threats (2)

H.L.HmAC.0

H.L.HsAC.0

Triggered By Control Strategy (0)

Misbehaviour Sets (0)

Control Strategies (2)