SAN FRANCISCO (01/12/2004) - Malicious hacking attempts get most of the press coverage, but they are only one of the dangers for security administrators to be aware of. If you're looking for an excuse to have a sleepless night, consider the following range of popular threats.
The Inside Job
Some of the most damaging attacks come from a current or former employee who already holds valid credentials and uses them to vandalize systems or data. Any reasonable security plan calls for system and network access to be revoked the moment an employee leaves the organization, for whatever reason, not at the end of the week or whenever someone remembers. While employed, staff should hold only the privileges their current job requires; access should neither be granted wholesale nor be allowed to accumulate as people change roles and nobody removes the old entitlements.
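The two checks that paragraph implies, a departed employee whose account is still enabled and a current employee whose group memberships exceed the job, can be automated as a reconciliation between the HR roster and a directory export. The script below is an added example, not part of the article; the roster, the directory export and the role-to-group matrix are constructed sample data, and every account, role and group name in it is hypothetical.

```python
"""Reconcile an HR roster against directory accounts (added example; constructed data)."""
from datetime import date

# Constructed sample HR roster: current role and termination date, if any.
HR_ROSTER = {
    "alice": {"role": "dba", "terminated": None},
    "bob": {"role": "helpdesk", "terminated": date(2004, 1, 5)},
    "carol": {"role": "developer", "terminated": None},
}

# Constructed sample export from the directory: account state and group memberships.
DIRECTORY = {
    "alice": {"enabled": True, "groups": {"dba", "vpn-users"}},
    "bob": {"enabled": True, "groups": {"helpdesk", "vpn-users"}},  # left last week, never disabled
    "carol": {"enabled": True, "groups": {"developers", "vpn-users", "domain-admins"}},  # privilege creep
    "svc-backup": {"enabled": True, "groups": {"backup-operators"}},  # no owner on the HR side
}

# Hypothetical entitlement matrix: the groups each role legitimately needs.
ROLE_GROUPS = {
    "dba": {"dba", "vpn-users"},
    "helpdesk": {"helpdesk", "vpn-users"},
    "developer": {"developers", "vpn-users"},
}

# The date the audit is run as of (fixed here so the sample is reproducible).
AS_OF = date(2004, 1, 12)


def audit_accounts(roster, directory, role_groups, today):
    """Return [(account, finding)] for accounts that violate offboarding or least privilege."""
    findings = []
    for account, acct in sorted(directory.items()):
        person = roster.get(account)
        if person is None:
            # Service and orphan accounts need a named owner too; otherwise nobody ever offboards them.
            findings.append((account, "no HR record for this account"))
            continue
        term = person["terminated"]
        if term is not None and term <= today and acct["enabled"]:
            findings.append((account, f"still enabled, employment ended {term.isoformat()}"))
            continue  # revoke first; group membership is moot once the account is disabled
        extra = acct["groups"] - role_groups.get(person["role"], set())
        if extra:
            findings.append((account, f"groups beyond role '{person['role']}': {sorted(extra)}"))
    return findings


def run_audit():
    """Run the audit over the constructed sample data."""
    return audit_accounts(HR_ROSTER, DIRECTORY, ROLE_GROUPS, AS_OF)


if __name__ == "__main__":
    for account, finding in run_audit():
        print(f"{account:12} {finding}")
```

In practice the roster comes from the HR system and the directory export from LDAP or Active Directory; the point of the script is that both checks are mechanical once those two feeds exist, so they can run nightly instead of depending on a manager remembering to file a ticket.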
Files attached to e-mail can carry payloads that do damage in many different ways, from viruses that disable the recipient's system to Trojan horse software that turns the machine into a launching point for attacks on other computers. Mail is also an attractive attack mechanism because a virus or Trojan does not need the victim's normal e-mail application to send copies of itself to other systems: the malware can carry its own mail-sending code as a stand-alone program and talk to mail servers directly, so its messages ride on the same network permissions as legitimate mail while leaving nothing in the user's sent-items folder or client logs to show that anything is amiss.
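A mail gateway or desktop agent can catch the most common attachment tricks before a user double-clicks: an executable extension, a double extension such as `invoice.pdf.exe`, and a file whose declared type (an image, say) hides an executable. The script below is an added example, not code from the article; the message it inspects is constructed inline with Python's `email` package, the addresses are placeholders, and the list of executable extensions is an assumed, non-exhaustive starting point.

```python
"""Flag e-mail attachments likely to carry a payload (added example; constructed message)."""
import email
from email import policy
from email.message import EmailMessage

# Extensions that execute when opened on a Windows desktop (assumed, non-exhaustive list).
EXECUTABLE_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js", "jse", "wsf", "hta"}


def risky_attachments(raw):
    """Return [(filename, reasons)] for every attachment in the raw message that should be quarantined."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        exts = name.lower().split(".")[1:]  # "invoice.pdf.exe" -> ["pdf", "exe"]
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if exts and exts[-1] in EXECUTABLE_EXT:
            reasons.append(f"executable extension .{exts[-1]}")
        if len(exts) > 1:
            reasons.append("double extension")
        if payload[:2] == b"MZ":  # DOS/PE executable header, whatever the part claims to be
            reasons.append(f"PE executable content declared as {part.get_content_type()}")
        if reasons:
            findings.append((name, "; ".join(reasons)))
    return findings


def build_sample():
    """Construct a sample message with one benign and two hostile attachments (placeholder addresses)."""
    msg = EmailMessage()
    msg["From"] = "payroll@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment("Quarterly numbers\n", filename="report.txt")
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60  # constructed stand-in for an executable
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(fake_pe, maintype="image", subtype="jpeg", filename="photo.jpg")
    return bytes(msg)


if __name__ == "__main__":
    for name, reasons in risky_attachments(build_sample()):
        print(f"{name}: {reasons}")
```

The content check matters more than the name check: renaming is free for the attacker, but a Windows executable still starts with `MZ`, so inspecting the decoded bytes catches the `photo.jpg` case that a filename filter alone would pass.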
Too Many Ports
Applications and network services transact their business over numbered endpoints called ports. There are 65,535 of them for TCP and another 65,535 for UDP, of which a few dozen carry the vast majority of application and service traffic. Every additional port with a service listening behind it is another way into a vulnerable system. Routers and firewalls can be configured to block traffic to most ports, but it is better to close them at the operating-system level as well, by stopping or uninstalling the services that listen on them, so that only the ports applications genuinely need remain open; a firewall rule protects a service only until someone opens a hole for it or attacks from inside the perimeter. Recent worms such as W32/Blaster spread through exactly such exposed services (Blaster exploited the Windows RPC/DCOM flaw over TCP port 135) and then turned the infected desktops into weapons in DoS (denial of service) attacks against highly visible targets.
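Finding out what is actually listening is the first step, and comparing it against what should be listening is the second. The script below is an added example, not from the article: it parses the output of `ss -Hltn` (iproute2 on Linux) and reports any listener that is not on an allowlist, or that is bound to all interfaces when policy says it may bind only to loopback. The sample `ss` output and the allowlist are constructed for the example.

```python
"""Audit listening TCP sockets against an allowlist (added example; constructed ss output)."""
import subprocess

# Constructed sample of `ss -Hltn` output; run_ss() fetches the real thing on a Linux host.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 50 0.0.0.0:135 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 0.0.0.0:3306 0.0.0.0:*
"""

# Assumed policy: port -> addresses it may bind, or None for any address.
ALLOWED = {
    22: None,
    80: None,
    5432: {"127.0.0.1", "::1"},  # database reachable only from this host
    3306: {"127.0.0.1"},
}


def parse_listeners(ss_output):
    """Turn `ss -Hltn` lines into (address, port) pairs; IPv6 brackets are stripped."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)  # rsplit keeps "[::]:22" intact
        listeners.append((addr.strip("[]"), int(port)))
    return listeners


def audit_listeners(ss_output, allowed):
    """Return [(port, address, reason)] for listeners that violate the allowlist."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port not in allowed:
            findings.append((port, addr, "port not in allowlist"))
        elif allowed[port] is not None and addr not in allowed[port]:
            findings.append((port, addr, f"must bind only {sorted(allowed[port])}"))
    return findings


def run_ss():
    """Listening TCP sockets on this host; requires iproute2's ss (Linux)."""
    return subprocess.run(["ss", "-Hltn"], capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for port, addr, reason in audit_listeners(SAMPLE_SS, ALLOWED):
        print(f"tcp/{port} on {addr}: {reason}")
```

On a real host, replace `SAMPLE_SS` with `run_ss()`, and for each finding use `ss -ltnp` (as root) to see which process owns the socket, then disable that service rather than just adding a firewall rule in front of it.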
Web of Deception
Properly used, URLs are simple strings of text that direct a browser to a particular Web page. They can also be put to malicious purposes. Unpatched or poorly configured Web servers can be vulnerable to URLs that are exceptionally long (overflowing a buffer in the server or one of its add-on modules and running the attacker's code with the server's privileges, the technique the Code Red worm used against IIS) or that carry SQL commands in their parameters (SQL injection, which can end with an entire database being handed to the attacker through the Web application). Filtering helps: Web servers and applications should reject excessively long URLs, control characters, and malformed or unexpected character encodings such as invalid or overlong UTF-8 sequences hidden behind percent-encoding. But filtering alone is a weak defense against injection; the durable fixes are to keep user input out of the SQL text entirely by using parameterized queries, and to keep the server patched so that a long URL has no overflow left to hit.
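The following added example (not code from the article) shows both halves of that advice in working Python: a request gate that rejects over-long, double-encoded, overlong-UTF-8 and traversal URLs, and, beside a deliberately vulnerable lookup that pastes the parameter into the SQL text, the parameterized version that defeats the classic `' OR '1'='1` payload. The table, rows and URL length limit are constructed for the example; the SQLite database lives in memory.

```python
"""URL gate plus vulnerable-vs-parameterized SQL lookup (added example; constructed data)."""
import sqlite3
import urllib.parse

MAX_URL_LEN = 2048  # assumed limit: generous for real requests, far below overflow-sized payloads


def check_url(raw):
    """Return a rejection reason, or None when the request URL passes the gate."""
    if len(raw) > MAX_URL_LEN:
        return "too long"
    if any(not 0x21 <= ord(c) <= 0x7e for c in raw):
        return "character outside printable ASCII"
    path = urllib.parse.urlsplit(raw).path
    try:
        # Strict UTF-8 decoding rejects overlong forms such as %c0%af (an encoded "/").
        decoded = urllib.parse.unquote_to_bytes(path).decode("utf-8")
    except UnicodeDecodeError:
        return "invalid UTF-8 in percent-encoding"
    if "\x00" in decoded:
        return "embedded NUL"
    if "%" in decoded:  # a second decoding pass would change it again
        return "double-encoded"
    if ".." in decoded.split("/"):
        return "path traversal"
    return None


def make_db():
    """Constructed in-memory table standing in for the application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "staff"), (3, "carol", "staff")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Deliberately vulnerable: the URL parameter becomes part of the SQL text."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Parameterized: the value is bound by the driver and can never change the query's shape."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def handle_request(conn, raw_url):
    """Gate the URL, then answer the query with the bound parameter."""
    reason = check_url(raw_url)
    if reason:
        return {"status": 400, "reason": reason}
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(raw_url).query)
    name = params.get("name", [""])[0]
    return {"status": 200, "rows": lookup_safe(conn, name)}


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, payload))  # every row comes back
    print("parameterized:", lookup_safe(db, payload))  # no user is literally named that
    print(handle_request(db, "/search?name=x%27+OR+%271%27%3D%271"))
    print(check_url("/scripts/..%c0%af../winnt/system32"))
```

Note what the gate does not try to do: it never looks for SQL keywords in the parameters. Keyword blacklists are easy to evade and break legitimate input, whereas binding the value with `?` removes the problem regardless of what the string contains.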