FIPS PUB 191
readily available today. Unauthorized LAN access can occur by exploiting the following types
of vulnerabilities:
lack of, or insufficient, identification and authentication scheme,
password sharing,
poor password management or easy-to-guess passwords,
using known system holes and vulnerabilities that have not been patched,
single-user PCs that are not password protected at boot time,
underutilization of PC locking mechanisms,
LAN access passwords that are stored in batch files on PCs,
poor physical control of network devices,
unprotected modems,
lack of a time-out on the login period, and of a log of login attempts,
lack of disconnect after multiple login failures, and of a log of those attempts,
lack of notification and logging of the last successful login date/time and of unsuccessful login attempts,
lack of real-time user verification (to detect masquerading).
2.1.2 Inappropriate Access to LAN Resources
One of the benefits of using a LAN is that many resources are readily available to many users,
rather than each user having limited dedicated resources. These resources may include file stores,
applications, printers, data, etc. However, not all resources need to be made available to each
user. To prevent compromising the security of the resource (i.e. corrupting the resource, or
lessening the availability of the resource), only those who require the use of the resource should
be permitted to utilize that resource. Unauthorized access occurs when a user, legitimate or
unauthorized, accesses a resource that the user is not permitted to use. Unauthorized access may
occur simply because the access rights assigned to the resource are not assigned properly.
However, unauthorized access may also occur because the access control mechanism or the
privilege mechanism is not granular enough. In these cases, the only way to grant the user the
needed access rights or privileges to perform a specific function is to grant the user more access
than is needed, or more privileges than are needed. Unauthorized access to LAN resources can
occur by exploiting the following types of vulnerabilities:
use of system default permission settings that are too permissive to users,
improper use of administrator or LAN manager privileges,
data that is stored with an inadequate level of protection, or no protection, assigned,
lack of, or improper use of, the privilege mechanism for users,
PCs that apply no access control on a file-level basis.
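The paragraph above argues that when the privilege mechanism is not granular enough, the only way to give a user the rights a job needs is to grant more than is needed. The following added example (not part of FIPS PUB 191) makes that concrete: it takes a set of grantable privilege units, the rights a job requires, and computes the smallest grant that covers the job together with the excess rights that come along with it, so a reviewer can compare a coarse mechanism against a granular one. The role, resource and operation names are constructed for illustration.

```python
from itertools import combinations

# Constructed sample data (not from FIPS PUB 191): each grantable unit is a
# bundle of (resource, operation) rights. A coarse privilege mechanism offers
# a few large bundles; a granular one can grant each right on its own.
COARSE_ROLES = {
    "user": {("file_store", "read"), ("printer", "print")},
    "operator": {("file_store", "read"), ("file_store", "write"),
                 ("printer", "print"), ("printer", "manage_queue")},
    "admin": {("file_store", "read"), ("file_store", "write"),
              ("printer", "print"), ("printer", "manage_queue"),
              ("accounts", "create"), ("accounts", "delete")},
}

def granular_roles(roles):
    """Derive a fully granular mechanism over the same rights: one unit per right."""
    rights = set().union(*roles.values())
    return {f"{res}:{op}": {(res, op)} for res, op in rights}

def minimal_grant(roles, needed):
    """Combination of units that covers every needed right with the fewest
    excess rights (ties broken by fewer units). Returns (unit_names, excess);
    (None, None) if the mechanism cannot cover the need at all. Exhaustive
    search is fine: a privilege mechanism exposes only a handful of units and
    this is an offline audit, not a hot path."""
    needed = set(needed)
    names = sorted(roles)
    best = None
    for k in range(1, len(names) + 1):
        for combo in combinations(names, k):
            granted = set().union(*(roles[n] for n in combo))
            if not needed <= granted:
                continue  # this combination does not cover the job
            excess = granted - needed
            key = (len(excess), k)
            if best is None or key < best[0]:
                best = (key, list(combo), excess)
    return (best[1], best[2]) if best else (None, None)

def over_privilege_ratio(roles, needed):
    """Excess rights per needed right: 0.0 means exact least privilege."""
    units, excess = minimal_grant(roles, needed)
    return None if units is None else len(excess) / len(needed)

if __name__ == "__main__":
    # A print-queue operator who must read the file store but never write it.
    job = {("file_store", "read"), ("printer", "manage_queue")}
    for label, mech in (("coarse", COARSE_ROLES), ("granular", granular_roles(COARSE_ROLES))):
        units, excess = minimal_grant(mech, job)
        print(f"{label:8} grant={units} excess={sorted(excess)}")
```

Under the coarse mechanism the job can only be satisfied by the "operator" bundle, which also hands out file-store write and printer print; the granular mechanism covers the same job with no excess.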
12