Assessing Current Network Concerns 41
National Institute of Standards and Technology (NIST) publications
Generally Accepted System Security Principles (GASSP)
British Standard (BS) 7799
International Standard for Information Security (ISO 17799)
Global Information Assurance Certification (GIAC) (www.giac.org) by the SANS Institute
Some additional threats identified by these organizations include:
Firewall and system probing. Hackers are using sophisticated, automated
tools to scan for the vulnerabilities of a company’s corporate firewall and
systems behind the firewall. These hacker tools have proved quite effective,
with the average computer scan taking less than three minutes to identify
and compromise security.
– Safeguard/control. Companies can prevent this by ensuring that their
systems sit behind a network firewall, and any services available through
this firewall are carefully monitored for potential security exposures.
Network File System (NFS) application attacks. Hackers attempt to exploit
well-known vulnerabilities in the NFS application that is used to share files
between systems. These attacks, usually through network firewalls, can
result in compromised administrator access.
– Safeguard/control. To combat this, ensure that systems do not allow
NFS through the firewall, and enable NFS protections to restrict access
to files.
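The second half of that safeguard, restricting what NFS exports and to whom, is easy to get wrong in /etc/exports. The following audit script is an added example, not part of the book; it parses a constructed sample exports file and flags the weak settings a reviewer would look for: exports open to any host, wildcard host patterns, and no_root_squash (which lets a remote root act as local root on the share).

```python
import re

# Constructed sample /etc/exports content (not taken from the book).
SAMPLE_EXPORTS = """\
# exports file - constructed sample
/srv/public  *(rw,no_root_squash)
/srv/data    192.0.2.0/24(ro,sync,root_squash)
/home        *.example.com(rw,sync)
/srv/backup  (rw)
"""

# Matches either "client(opts)" or a bare client with no option list.
CLIENT_RE = re.compile(r'(\S*?)\(([^)]*)\)|(\S+)')


def parse_exports(text):
    """Yield (path, client, options) tuples from /etc/exports text."""
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        path, _, rest = line.partition(' ')
        rest = rest.strip()
        if not rest:
            yield (path, '*', [])              # no client list: exported to all
            continue
        for m in CLIENT_RE.finditer(rest):
            if m.group(3):                     # bare hostname, default options
                yield (path, m.group(3), [])
            else:
                client = m.group(1) or '*'     # "(rw)" alone means any host
                opts = [o for o in m.group(2).split(',') if o]
                yield (path, client, opts)


def audit_exports(text):
    """Return (path, client, finding) triples for risky export entries."""
    findings = []
    for path, client, opts in parse_exports(text):
        if client == '*':
            findings.append((path, client, 'ANY_HOST'))
        elif '*' in client:
            findings.append((path, client, 'WILDCARD_HOST'))
        if 'no_root_squash' in opts:
            findings.append((path, client, 'NO_ROOT_SQUASH'))
    return findings


if __name__ == '__main__':
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f'{finding:15} {path} -> {client}')
```

Point it at a real file with `audit_exports(open('/etc/exports').read())`; an empty result means every export names a specific host or network and keeps root squashing on.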
Vendor default password attacks. Systems of all types come with vendor-installed user names and passwords. Hackers are well educated on these default user names and passwords, and use these accounts to gain unauthorized administrative access to systems.
– Safeguard/control. Protect systems by ensuring that all vendor passwords have been changed.
Spoofing, sniffing, fragmentation, and splicing attacks. Recently, computer
hackers have been using sophisticated techniques and tools at their disposal
to identify and expose vulnerabilities on Internet networks. These tools
and techniques can be used to capture user names and passwords, as well
as compromise trusted systems through the firewall.
– Safeguard/control. To protect systems from this type of attack, check with computer and firewall vendors to identify possible security precautions.
Social engineering attacks. Hackers will attempt to gain sensitive or confidential information from companies by placing calls to employees and pretending to be another employee. These types of attacks can be effective in gaining user names and passwords as well as other sensitive information.
– Safeguard/control. Train employees to use a “call-back” procedure to
verify the distribution of any sensitive information over the phone.
Prefix scanning. Computer hackers will be scanning company telephone
numbers, looking for modem lines that they can use to gain access to
internal systems. These modem lines bypass network firewalls and usually
bypass most security policies. These “backdoors” can easily be used to
compromise internal systems.