ATLANTA -- During the holiday season, it's especially important to review the security precautions for business computer systems that are connected to the Internet. Ongoing reviews by MCI's Internet Security Department indicate widespread attempts by ill-intentioned hackers to break into business computer systems via the Internet. With this in mind, MCI's Internet security experts have developed some security guidelines that will help businesses protect their systems.
"It is important for companies to do a thorough security audit of their computer systems and to keep these systems up-to-date in order to thwart computer hackers," said Robert Hagens, director of Internet Engineering for MCI's Data Services Division. "Computer hackers are constantly sharpening their skills and inventing new schemes to break into company computer systems. Businesses also need to ensure that they continue to stay one step ahead of the bad guys in securing their systems."
According to MCI's Internet Security Department, most successful computer break-ins are the result of exploiting old, known weaknesses in operating systems that system administrators and managers have not remedied. Despite the best efforts of the Computer Emergency Response Team (CERT) and others, many system operators have shown remarkable complacence about security until they are hit by a hacker. MCI hopes this message will encourage more proactive efforts by managers of systems on the Internet.
MCI has identified the Top 10 Threats that businesses should be aware of and the Top 10 Precautions that businesses can take to protect their computer systems.
TOP 10 THREATS
1. Firewall and System Probing
Hackers are using sophisticated, automated tools to scan for vulnerabilities in a company's corporate firewall and in the systems behind the firewall. These hacker tools have proved to be quite effective, with the average computer scan taking less than three minutes to identify and compromise security.
Companies can prevent this by ensuring that their systems sit behind a network firewall and any services available through this firewall are carefully monitored for potential security exposures.
2. Network File Systems (NFS) Application Attacks
Hackers attempt to exploit well-known vulnerabilities in the Network File System application, which is used to share files between systems. These attacks, usually through network firewalls, can result in compromised administrator access.
To combat this, ensure systems do not allow NFS through the firewall, and enable NFS protections to restrict who can access files.
3. Electronic Mail Attacks
Hackers can compromise a network system simply by sending an e-mail to it. Companies that accept e-mail from the Internet and that have exposed versions of the sendmail program are potential targets of this attack. Last year more than 20,000 systems were compromised due to this exposure.
To prevent this from occurring, check with vendors to ensure systems are running a correct version of sendmail or some more secure mail product.
4. Vendor Default Password Attacks
Systems of all types come with vendor-installed usernames and passwords. Hackers are well educated on these default usernames and passwords and use these accounts to gain unauthorized administrative access to systems.
Protect systems by ensuring that all vendor passwords have been changed.
5. Spoofing, Sniffing, Fragmentation and Splicing Attacks
Recently computer hackers have been using sophisticated techniques and tools at their disposal to identify and expose vulnerabilities on Internet networks. These tools and techniques can be used to capture names and passwords, as well as compromise trusted systems through the firewall.
To protect systems from this type of attack, check with computer and firewall vendors to identify possible security precautions.
6. Social Engineering Attacks
Hackers will attempt to gain sensitive or confidential information from companies by placing calls to employees and pretending to be another employee. These types of attacks can be effective in gaining usernames and passwords as well as other sensitive information.
Train employees to use a "call-back" procedure to verify the distribution of any sensitive information over the phone.
7. Easy-To-Guess Password Compromise
Most passwords that are easy to remember are also easy to guess. These include words in the dictionary, common names, slang words, song titles, etc. Computer hackers will attempt to gain access to systems using these easy-to-guess passwords usually via automated attacks.
Protect systems by ensuring that passwords are not easy to guess, that they are at least eight characters long, contain special characters and utilize both uppercase and lowercase characters.
8. Destructive Computer Viruses
Computer viruses can infect systems on a widespread basis in a very short period of time. These viruses can be responsible for erasing system data.
Protect systems from computer viruses by using anti-virus software to detect and remove computer viruses.
9. Prefix Scanning
Computer hackers will be scanning company telephone numbers looking for modem lines, which they can use to gain access to internal systems. These modem lines bypass network firewalls and usually bypass most security policies. These "backdoors" can easily be used to compromise internal systems.
Protect against this intrusion by ensuring modems are protected from brute force attacks. Place these modems behind firewalls; make use of one-time passwords; or have these modems disabled.
10. Trojan Horses
Hackers will install "backdoor" or "Trojan Horse" programs on businesses' computer systems, allowing for unrestricted access into internal systems, which will bypass security monitoring and auditing policies.
Conduct regular security analysis audits to identify potential security vulnerabilities and to identify security exposures.
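For threat 7 above, the following added example (not part of MCI's guidelines) checks a candidate password against the stated rules and shows why the dictionary test matters: a password can satisfy the length and character rules and still be a padded dictionary word. The wordlist, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample wordlist standing in for a real dictionary, common-name
# and song-title list (assumption: a production check loads a large file).
GUESSABLE = {"password", "welcome", "michael", "yesterday", "dragon", "letmein"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def base_word(password):
    """Reduce a password to the plain word it was built from, if any."""
    # Drop digits and punctuation used as padding at either end.
    core = password.lower().strip("0123456789!@#$%^&*?.-_")
    # Undo substitutions inside the word, then keep letters only.
    return re.sub(r"[^a-z]", "", core.translate(LEET))


def check_password(password, wordlist=GUESSABLE):
    """Return the list of guideline violations (an empty list means it passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not re.search(r"[a-z]", password) or not re.search(r"[A-Z]", password):
        problems.append("needs both uppercase and lowercase characters")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a special character")
    if base_word(password) in wordlist or password.lower() in wordlist:
        problems.append("based on a dictionary word or common name")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("michael", "Password1!", "P@ssw0rd!!", "tr4il-Mix&Lamp"):
        print(candidate, "->", check_password(candidate) or "passes")
```
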
TOP 10 SECURITY PRECAUTIONS
1. Firewall Sensitive Systems
Ensure corporate systems are protected from Internet attacks. Deploy a firewall between these systems and the Internet to guard against network scans and intrusions.
2. Obtain Security Alert Information
Subscribe to security alert mailing lists to identify potential security exposures before they become problems. CERT (Computer Emergency Response Team at Carnegie Mellon University) is a good place to start. The URL for CERT's Web site is cert-advisory-request@cert.org. The e-mail address is cert@cert.org.
3. Review System Audit Trails Regularly
Regularly check logging data and audit trails to look for unusual or suspicious activity.
4. Back Up Data
Don't be a victim of accidental or malicious data erasure. Back up all sensitive data on a regular basis.
5. Purchase and Deploy Anti-Virus Software
Computer viruses can spread throughout a system in minutes. Check systems for viruses on a regular basis.
6. Change Passwords On A Regular Rotational Basis
Don't pick easy-to-remember passwords, and change passwords often. Consider the use of one-time password tokens to avoid password compromise threats.
7. Deploy Vendor Security Patches
Consult with vendors and obtain any system security patches that can be used to add additional layers of protection.
8. Establish and Enforce A Security Policy
Develop and enforce a company-wide computer and physical security policy.
9. Employee Awareness
Ensure all employees and management are briefed regularly on security threats, policies, corrective measures and incident reporting procedures.
10. Make Use Of Public Domain Security Tools
A wide variety of public domain security tools exist on the Internet, many of which can be used to assist in the protection of computer systems.
The above information was developed by MCI's Internet Security Department. To find additional information on security checklists and resources available to combat security threats, view the MCI security homepage at http://www.security.mci.net.