Security Incidents on the Internet




 

As evidence of the above, three problems have occurred within months of each other. In the first, persistent vulnerabilities in the UNIX sendmail program were discussed openly on Internet discussion lists. Sites that had not corrected their sendmail programs were forced to scramble to correct the programs before attackers used the vulnerabilities to attack the sites. However, due to the complexity of the sendmail program and networking software in general, three subsequent versions of sendmail were found to still contain significant vulnerabilities [CIAC94a]. The sendmail program is used widely, and sites without firewalls to limit access to sendmail are forced to react quickly whenever problems are found and vulnerabilities revealed.

In the second, a version of a popular and free FTP server was found to contain a Trojan Horse that permitted privileged access to the server. Sites using this FTP server, but not necessarily the contaminated version, were again forced to react very carefully and quickly to this situation [CIAC94c]. Many sites rely on the wealth of free software available on the Internet, especially security-related software that adds capability for logging, access control, and integrity checking that vendors often do not provide as part of the operating system. While the software is often high quality, sites may have little recourse other than to rely on the authors of the software if it is found to have vulnerabilities and other problems.

The third problem has the strongest implications: [CERT94] and [CIAC94b] reported that intruders had broken into potentially thousands of systems throughout the Internet, including gateways between major networks, and installed sniffer programs to monitor network traffic for usernames and static passwords typed in by users to connect to networked systems. The intruders had used various known techniques for breaking into systems, as well as using passwords that had been "sniffed." One of the implications of this incident is that static or reusable passwords are obsolete for protecting access to user accounts. In fact, a user connecting to a remote system across the Internet may be unintentionally placing that system at risk of attack by intruders who could be monitoring the network traffic to the remote system.

The following sections go into more detail on problems with Internet security. [Garf92], [Cur92], [Bel89], [Ches94], and [Farm93] all provide more background and detail; readers are encouraged to consult these references.






John Wack
Thu Feb 9 18:17:09 EST 1995