- Weak Passwords - Some systems and applications include default accounts that either have no password or accept passwords without enforcing strict rules or guidelines.
- Too Many Open Ports - There are 65,535 ports on a computer. An attacker can use discovery or initial "footprinting" or information gathering to detect which of these ports are active and listening for requests; this can facilitate a plan that leads to a successful hack attack.
- Unprotected NetBIOS Shares - NetBIOS messages are based on the Server Message Block (SMB) format, which DOS and Windows use to share files and directories. On UNIX systems, a product called Samba uses this format to interoperate with DOS and Windows. While network protocols typically resolve a node or service name to a network address for connection establishment, NetBIOS service names must be resolved to an address before a connection can be established over TCP/IP. This is accomplished with the previously mentioned messages or with a local LMHOSTS file, in which each PC keeps a list of network nodes and their corresponding IP addresses. NetBIOS over TCP/IP uses ports 137-139: port 137 is NetBIOS name (UDP), port 138 is NetBIOS datagram (UDP), and port 139 is NetBIOS session (TCP). SMB can be compared to Sun's Network File System (NFS): it allows file systems to be shared over a network using the NetBIOS protocol. This vulnerability gives a remote intruder privileged access to files on any exported, mounted file system. Consequently, an attacker could potentially modify or delete files.
- Buffer Overflows - Buffers are data storage areas in computer systems. They are designed to hold a specific amount of data; when overwhelmed, the excess can spill into adjacent buffers, causing an overflow and/or corrupting legitimate data. This type of attack not only compromises the integrity of data, but can also trigger malicious events such as file damage or exhaustion of system resources, resulting in a denial of service (DoS).
- Malicious Code Threats - These include publicized virus and Trojan variations such as Myparty, Goner, Sircam, BadTrans, Nimda, Code Red I/II and many more.
Upward of $59 billion is lost each year in proprietary information and intellectual property, according to the 10th Trends in Proprietary Information Loss Survey by ASIS International, PricewaterhouseCoopers, and the U.S. Chamber of Commerce. The collective basis for these losses is a lower level of priority for information security, especially at the internetwork, desktop, and public sector user levels, and a lack of management support. With the rapid release of new software and hardware and the progression of technology and processing power, the threat of further loss is imminent. We simply must integrate security equally throughout the infrastructure and should not depend so much on robust perimeter security such as firewalls.
High-speed networks of interconnected data storage and processing devices are centralized for better control over information assets. With stored data processing at the core, network capacity is emancipated outward to the users. The same methodology should be incorporated into corporate and public network security policies with a ripple effect: imagine a drop of water hitting a calm pool and causing ripples. With regard to a network, each ripple correlates to a network point that has the potential to contain vulnerabilities from any direction and needs to be taken into account from a security perspective. This is the essence of ripple security logic.