| ADMINISTRATIVE TASK | HOW TO DELEGATE THE TASK | SECURITY IMPLICATIONS OF TASK (when performed with malicious intent) |
|---|---|---|
| 1. Create a service connection point | Grant Create Child permissions on the parent object to create Service Connection Point objects | Introduce a misleading service connection point and use it to mislead existing services, in effect launching a denial-of-service attack against those services. |
| 2. Delete a service connection point | Grant Standard Delete permissions on the SCP object or Delete Child permissions on the parent object | Delete a service connection point being used by a service, in effect launching a denial-of-service attack against the service. |
| 3. Change a service connection point's keywords | Grant Write Property permissions on the SCP object to modify the Keywords attribute | Modify the keywords that the associated service depends on for service location, in effect launching a denial-of-service attack against the service. |
| 4. Change a service connection point's service DNS name | Grant Write Property permissions on the SCP object to modify the Service DNS Name attribute | Modify the DNS name associated with the service, in effect launching a denial-of-service attack against the service. |
| 5. Change a service connection point's security permissions | Grant Modify Permissions permissions on the SCP object | Grant to, or revoke from, any account or group of your choice the ability to perform any of the above-mentioned SCP administrative tasks on this service connection point. |
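
To review who currently holds the delegations listed in the table, the following added audit example (not part of the original page) reads the ACL of each SCP object and of its parent and reports the table task each allow ACE enables. It assumes the ActiveDirectory PowerShell module; the function names and the `$trusted` list are hypothetical and should be adapted to your domain.

```powershell
# Added example: map ACEs on SCP objects and their parents to the five tasks in the table.
Import-Module ActiveDirectory
$AD = [System.DirectoryServices.ActiveDirectoryRights]
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Resolve schema GUIDs at run time instead of hard-coding them.
function Get-SchemaGuid([string]$LdapName) {
    $o = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$LdapName)" -Properties schemaIDGUID
    [guid]$o.schemaIDGUID
}
$empty    = [guid]::Empty                      # ACE not scoped to one class or attribute
$scpClass = Get-SchemaGuid 'serviceConnectionPoint'
$attrs = @{
    (Get-SchemaGuid 'keywords')       = 'Change keywords (task 3)'
    (Get-SchemaGuid 'serviceDNSName') = 'Change service DNS name (task 4)'
}

# Hypothetical helper: return the table tasks that one ACE permits.
# Limitation: property-set GUIDs in ObjectType are not expanded.
function Get-ScpTaskFromAce($Ace, [bool]$IsParent) {
    if ($Ace.AccessControlType -ne 'Allow') { return }
    # Inherit-only ACEs do not apply to the object that carries them.
    if ($Ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { return }
    $r = $Ace.ActiveDirectoryRights; $t = $Ace.ObjectType
    if ($IsParent) {
        if (($r -band $AD::CreateChild) -and ($t -in $empty, $scpClass)) { 'Create SCP (task 1)' }
        if (($r -band $AD::DeleteChild) -and ($t -in $empty, $scpClass)) { 'Delete SCP via parent (task 2)' }
        return
    }
    if ($r -band $AD::Delete)    { 'Delete SCP (task 2)' }
    if ($r -band $AD::WriteDacl) { 'Change SCP permissions (task 5)' }
    if ($r -band $AD::WriteProperty) {
        if ($t -eq $empty) { $attrs.Values } elseif ($attrs.ContainsKey($t)) { $attrs[$t] }
    }
}

# Assumption: principals expected to hold these rights; extend for your environment.
$trusted = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'

# Searches the default naming context only.
Get-ADObject -LDAPFilter '(objectClass=serviceConnectionPoint)' | ForEach-Object {
    $scp    = $_.DistinguishedName
    $parent = $scp -replace '^(?:\\.|[^,\\])+,', ''   # strip the first RDN, honouring escaped commas
    foreach ($target in @(@{ Dn = $scp; IsParent = $false }, @{ Dn = $parent; IsParent = $true })) {
        foreach ($ace in (Get-Acl -Path "AD:\$($target.Dn)").Access) {
            if ($ace.IdentityReference.Value -in $trusted) { continue }
            foreach ($task in (Get-ScpTaskFromAce $ace $target.IsParent)) {
                [pscustomobject]@{ SCP = $scp; Principal = $ace.IdentityReference; Task = $task; Inherited = $ace.IsInherited }
            }
        }
    }
}
```

Any principal in the output that is not an intended delegate for that task is a candidate for removal or for moving the permission to a dedicated group.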