IT Baseline Protection Manual T 5.92 Use of the RAS client as RAS server

The RAS software installed on RAS clients may allow the client to function as a RAS server and to accept incoming connections (e.g. Windows RAS). If this option is enabled, anyone who knows the number of the telephone line to which the client is attached can connect to this computer. If an attacker succeeds in getting past the RAS authentication mechanism (for example, by trying out or guessing passwords, by using user accounts that are not password-protected, or by using Guest user IDs with standard passwords), he can access the data on the RAS client. If the client is connected over ISDN, it is even possible to establish a second, outgoing connection at the same time (e.g. to the corporate network). If that connection is established automatically (because the RAS password is stored on the machine), the attacker can also access data on the LAN without authorisation. It is therefore essential to prevent a RAS client from being used as a RAS server.

© Copyright by Bundesamt für Sicherheit in der Informationstechnik, last update: October 2000