Laptop Security Today
"The biggest worry for law firms
is that laptops can provide a backdoor route into their systems.
The industry needs to sit up and take this threat seriously -
information security is fundamental to a firm's reputation and
financial success. We've found cases where details of mergers
and acquisitions, IPOs and flotations, investigations and disputes,
de-mergers and acquisitions - even slamming comments made about
key clients in internal emails - were open for hackers to see,"
says Roy Hills, Technical Director, NTA Monitor.
"In essence, the greatest threat
we discovered comes from providing access to lawyers working remotely,
for example from laptops at client sites or for access to other
offices around the world. Firms used to put in place high cost
dedicated private networks for this kind of communication, but
they're now switching to flexible and more cost effective Internet-based
networks," Hills explained. "This is fraught with risk
unless the right levels of security are in place. The rocketing
volume of firewall flaws we found in the legal sector shows that
they are not! This surprised me as the mere whiff of breach of
confidentiality from a legal firm can tarnish its reputation,
potentially leading to their clients moving to another practice.
"The potential revenue loss
on a day to day basis is also huge. A number of basic flaws we
discovered would enable the Internet connection to be brought
down, blocking all Internet traffic into and out of the firm,
prevent site-to-site communication over Internet connections,
and prevent lawyers working remotely from logging into files and working
documents. This disruption would almost certainly result in a
substantial direct loss of revenue," Hills concluded.
Firewall Flaws
The next greatest threat comes from
Internet Firewalls and routers being susceptible to attacks exploiting
insecure or unnecessary services offered on these critical devices.
61 percent of legal organisations' firewalls tested offered management
and virtual private network (VPN) services to the Internet, revealing
the location and often the version of firewall software in use.
This information allows attackers to run known attacks against
the versions of software in use.
18 percent of sites tested were vulnerable
to a Check Point Firewall-1 SecuRemote flaw, which enabled unlimited
username and password guessing attempts. This flaw enables an
attacker to run an automated password cracker on the site, guessing
thousands of combinations per minute.
Hills comments, "Just one matched
account could mean big problems for a law firm. Remote VPN access
is typically set up to allow unrestricted access to the internal
network, once authenticated. Once inside, all kinds of information
could be exposed - and not just in one office, but potentially
gaining access [from the inside] to other offices linked in the
VPN.
"A really serious concern is
that almost half [43 percent] of routers tested offered the Telnet
service. There are many flaws published that exploit this service
across a number of products including Cisco and 3Com. Attacks
range from simple denial of service, knocking out the whole Internet
gateway behind the router, to being able to crack the password,
enabling all traffic to be 'sniffed' and copying all traffic entering
or leaving the site, including emails and passwords.
"The critical nature of data
access over VPNs and the operational reliance on uptime of the
corporate firewall means that corporates should ensure firewalls
are installed and configured correctly. It is a key security principle
to keep your firewall and remote connections hidden from unauthorised
users - if a firewall can be detected then you are setting it
up as a target to be hacked," Hills concluded.
Overall vertical market trends
Overall, the report highlights marked
security gaps between vertical markets, widening to a chasm in
certain areas. The government, legal, manufacturing and services
sectors lag the finance and IT & telecommunications sectors
in terms of security vulnerabilities in their IT systems. The
situation has only shown marginal improvement over the last four
years despite the continued increase in focus on IT security during
that time.
No sector outperformed all others
across all risk areas: the extent to which different vertical
market sectors were exposed varied markedly depending on the security
area examined. The most striking variance between sectors was
in firewall and visible hosts vulnerabilities. For example, firewall
flaws were found in 82 percent of legal organisations in 2002,
compared to 25 percent of IT and telco companies in the same year.
Hills said: "Having worked with
these sectors for many years, the analysis produced surprising
results, in some cases totally contradicting what we'd assumed.
Sectors we expected to have the tightest security did not necessarily
come out on top in all areas: for example, the finance sector
had the worst record for router vulnerabilities - 94 percent of
companies surveyed had simple router flaws.
"This highlights the need for
ongoing security testing across all areas: network, operating
system and application level. Although some sectors are performing
better than others, in absolute terms all sectors still have a
very long way to go to achieve best practice network security.
"The survey results also highlight
a focus on reducing the impact of risks (i.e. minimising high
risk issues) rather than addressing the areas of risk (i.e. minimising
all risks in the router, firewall etc). So in addition to addressing
risks in order of severity, we'd recommend taking an holistic
view, targeting distinct risk areas," Hills concluded.
Recommendations
Based on the findings, NTA Monitor
made a number of broad recommendations to improve the security
protection and housekeeping of corporate Internet connections.
NTA Monitor advises legal firms wherever
possible to:
1. Keep firewalls and remote connections
hidden from all but authorised IP addresses to prevent access by
unauthorised users
2. Restrict services offered on any Internet visible system
to the absolute minimum required to perform its function. Remote
access and management services should be restricted to only authorised
IP addresses or ranges
3. Protect any remote client connecting to the corporate VPN with
a securely configured personal firewall and up-to-date anti-virus
software
4. Avoid allowing access to sequential IP address ranges that
could be predicted by an attacker
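One way to check a rule set against recommendations 1 and 2, shown as an added example that is not taken from the NTA Monitor report. The rule format, the service lists, the `max_src` threshold and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Remote access / management services that should only be reachable from
# authorised addresses. Standard port numbers; the selection is an assumption.
MGMT = {("tcp", 23): "telnet", ("tcp", 22): "ssh",
        ("udp", 161): "snmp", ("udp", 500): "ike-vpn"}
# Services this hypothetical site intends to publish to everyone.
PUBLIC_OK = {("tcp", 25), ("tcp", 80), ("tcp", 443)}

# Constructed sample inbound rule set (documentation address ranges).
RULES = [
    {"action": "allow", "src": "0.0.0.0/0",       "proto": "tcp", "port": 25},
    {"action": "allow", "src": "0.0.0.0/0",       "proto": "tcp", "port": 23},
    {"action": "allow", "src": "203.0.113.10/32", "proto": "udp", "port": 500},
    {"action": "allow", "src": "198.51.100.0/24", "proto": "tcp", "port": 22},
    {"action": "allow", "src": "0.0.0.0/0",       "proto": "tcp", "port": 8080},
    {"action": "deny",  "src": "0.0.0.0/0",       "proto": "tcp", "port": 23},
]

def audit(rules, max_src=16):
    """Return (rule index, finding) pairs for inbound allow rules."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] != "allow":
            continue
        src = ipaddress.ip_network(r["src"])
        key = (r["proto"], r["port"])
        if key in MGMT:
            # Management/VPN services need a narrow, authorised source.
            if src.prefixlen == 0:
                findings.append((i, f"{MGMT[key]} open to any source"))
            elif src.num_addresses > max_src:
                findings.append((i, f"{MGMT[key]} allowed from broad range {src}"))
        elif src.prefixlen == 0 and key not in PUBLIC_OK:
            # World-reachable service that is not on the required list.
            findings.append((i, f"{key[0]}/{key[1]} not a required public service"))
    return findings

if __name__ == "__main__":
    for idx, msg in audit(RULES):
        print(f"rule {idx}: {msg}")
```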
NTA Monitor characterises a high-risk
issue as a major security vulnerability that is typically widely
known and exploited by hackers to gain external access to a computer
system. Medium-risk issues permit external users to disrupt services
or internal users to gain unauthorised access to systems, whilst
a low risk issue provides information that could be useful to
a hacker in attempting an external attack.
A copy of
the NTA Monitor Vertical Market Security Report 2003 can be downloaded
from:
www.nta-monitor.com/auditreport/legal