How Vulnerable Are Internet Sites?



next up previous contents
Next: Introduction to Firewalls Up: Introduction to the Previous: Host-based Security Does

How Vulnerable Are Internet Sites?

As noted in the preceding sections, a number of the TCP and UDP services provide poor levels of security in today's Internet environment. With millions of users connected to the Internet, and governments and industry placing more reliance on Internet availability, the flaws in these services, as well as the availability of source code and tools to automate breaking into systems, can be devastating to sites that suffer break-ins. However, it is difficult to know or assess the true risks of using the Internet and, following, how vulnerable a site is to some form of attack from intruders and related activity. There are no firm statistics.

The Computer Emergency Response Team Coordination Center (CERT/CC) has maintained some base statistics on the number of incidents they have handled since their inception in 1988. The numbers have climbed quite steeply as each year has progressed, however at the same time, the Internet has also grown dramatically. In some cases, CERT counts multiple break-ins of the same pattern as all part of a single incident, thus a single incident could be comprised of hundreds of break-ins at different sites. It is difficult to draw strong conclusions as to whether the number of incidents and break-ins has remained proportionally the same. Further complicating this is that more people are aware of the existence of incident response teams and may be more likely to report incidents, thus one wonders whether there are more incidents or just more incidents reported.

NIST asserts that the Internet, while a useful and vital network, is at the same time very vulnerable to attacks. Sites that are connected to the Internet face some risk that site systems will be attacked or affected in some form by intruders, and that the risk is significant. The following factors would influence the level of risk:

The more systems that are connected, obviously the harder it is to control their security. Equally, if a site is connected to the Internet at several points, it likely would be more vulnerable to attacks than a site with a single gateway. At the same time, though, how well prepared a site is, and the degree to which the site relies on the Internet, can increase or decrease the risk. A site's high profile could attract more potential intruders who wish to do some harm to the site's image. It should be mentioned, though, that ``quiet,'' less-frequently used sites are also attractive to intruders since they can more easily hide their activity.

NIST asserts that sites that use recommended procedures and controls for increasing computer security have significantly lower risks of attack. Firewalls, combined with one-time passwords that are immune from monitoring or guessing, can increase greatly a site's overall level of security and make using the Internet quite safe. The following chapters contain more detail on firewalls and how they can be used to protect against many of the threats and vulnerabilities mentioned and referenced in this chapter.



next up previous contents
Next: Introduction to Firewalls Up: Introduction to the Previous: Host-based Security Does



John Wack
Thu Feb 9 18:17:09 EST 1995