T 2.24 Loss of confidentiality of sensitive data of the network to be protected

If a network that is not protected by a firewall is connected to an external network such as the Internet, various data from the internal network including mail addresses, IP numbers, computer and user names, can be retrieved by the external network. From this data, information can be deduced about the internal network architecture and its users. The more information an invader has about potential targets of attack, the more opportunities he has to infiltrate If an invader knows, for instance, user names of an IT system, he can try to guess the associated passwords or find them through dictionary hacking (see also T 5.18 Systematic Trying Out of Passwords).