Government Technology

Enterprise Penetration and Vulnerability


February 3, 2005

Why is Windows NT impossible to secure from hackers? Why should you not use a dictionary word as a password?

Rex Nelson of Northrop Grumman led GTC attendees down the rabbit hole yesterday, showing them a hacker's eye view of Web sites, systems and vulnerabilities.

The economic impact of preventing such attacks is staggering, estimated at $1.6 trillion in 2003 just to secure North American networks. Even so, 96 percent of all our incidents could be prevented by patching systems as new vulnerabilities are found, he said.

Microsoft installed a back door in Windows NT, explained Nelson, and when word leaked out, it became a favorite target. Other favorite targets of hackers are default installs, such as IIS 4.0, which can even be found with a search engine such as Google. Simple passwords are easy to guess or crack with an online tool.

Nelson presented a number of resources for those wanting to learn more, such as the Executive Summary of The National Strategy to Secure Cyberspace, which resulted in part from former President Clinton's interest in security matters.

Nelson said that some vulnerabilities are so obvious that hackers can find misconfigured systems, MasterCard numbers, etc., with a simple Google search. On arin.net you can find your organization and all the IP addresses that are assigned to it. Hacker tools such as scanners are available online as well. And if you receive a game like "Elf Bowling" or "Whackamole," resist the temptation to open it, as they are often attached to malicious code.

Security is not a one-time fix, said Nelson, but has its own life cycle, and one of the key features for any agency is education and training of staff. Virus protection should be routine by now; it is essential and must be updated as new viruses are identified.


You may use or reference this story with attribution and a link to
http://www.govtech.com/security/Enterprise-Penetration-and-Vulnerability.html

