HostedDB - Dedicated UNIX Servers
fips191_10 FIPS PUB 191 readily available today.   Unauthorized LAN access can occur by exploiting the following types of vulnerabilities: •   lack of, or insufficient, identification and authentication scheme, •   password sharing, •   poor password management or easy to guess passwords, •   using known system holes and vulnerabilities that have not been patched, •   single-user PCs that are not password protected at boot time, •   underutilized use of PC locking mechanisms, •   LAN access passwords that are stored in batch files on PCs, •   poor physical control of network devices, •   unprotected modems, •   lack of a time-out for login time period and log of attempts, •   lack of disconnect for multiple login failures and log of attempts, •   lack of ’last successful login date/time’ and ’unsuccessful login attempt’ notification and log, •   lack of real-time user verification (to detect masquerading). 2.1.2 Inappropriate Access to LAN Resources One of the benefits of using a LAN is that many resources are readily available to many users, rather than each user having limited dedicated resources.  These resources may include file stores, applications, printers, data, etc.   However, not all resources need to be made available to each user.    To  prevent  compromising  the  security  of  the  resource  (i.e.  corrupting  the  resource,  or lessening the availability of the resource), only those who require the use of the resource should be  permitted  to  utilize  that  resource.   Unauthorized  access  occurs  when  a  user,  legitimate  or unauthorized, accesses a resource that the user is not permitted to use.  Unauthorized access may occur  simply  because  the  access  rights  assigned  to  the  resource  are  not  assigned  properly. However,  unauthorized  access  may  also  occur  because  the  access  control  mechanism  or  the privilege mechanism is not granular enough.   In these cases, the only way to grant the user the needed access rights or privileges to perform a specific function is to grant the user more access than is needed, or more privileges than are needed. Unauthorized access to LAN resources can occur by exploiting the following types of vulnerabilities: •   use of system default permission settings that are too permissive to users, •   improper use of administrator or   LAN manager privileges, •   data that is stored with an inadequate level or no protection assigned, •   lack of or the improper use of the privilege mechanism for users, •   PCs that utilize no access control on a file level basis. 12