fips191_9
FIPS PUB 191
civil law suits, fines, loss of human life or other long term effects. Consequences of threats will
be discussed in Section 3, Risk Management. The approach taken here is to categorize the types
of impacts that can occur on a LAN so that specific technical threats can be grouped by the
impacts and examined in a meaningful manner. For example, the technical threats that can lead
to the impact LAN traffic compromise in general can be distinguished from those threats that
can lead to the impact disruption of LAN functionalities. It should be recognized that many
threats may result in more than one impact; however, for this discussion a particular threat will
be discussed only in conjunction with one impact. The impacts that will be used to categorize
and discuss the threats to a LAN environment are:
Unauthorized LAN access - results from an unauthorized individual gaining access to the
LAN.
Inappropriate access to LAN resources - results from an individual, authorized or
unauthorized, gaining access to LAN resources in an unauthorized manner.
Disclosure of data - results from an individual accessing or reading information and possibly
revealing the information in an accidental or unauthorized intentional manner.
Unauthorized Modification to data and software - results from an individual modifying,
deleting or destroying LAN data and software in an unauthorized or accidental manner.
Disclosure of LAN traffic - results from an individual accessing or reading information and
possibly revealing the information in an accidental or unauthorized intentional manner as it
moves through the LAN.
Spoofing of LAN traffic - results when a message appears to have been sent from a
legitimate, named sender, when actually the message had not been.
Disruption of LAN functions - results from threats that block LAN resources from being
available in a timely manner.
2.1.1 Unauthorized LAN Access
LANs provide file sharing, printer sharing, file storage sharing, etc. Because resources are shared
and not used solely by one individual there is need for control of the resources and accountability
for use of the resources. Unauthorized LAN access occurs when someone, who is not authorized
to use the LAN, gains access to the LAN (usually by acting as a legitimate user of LAN). Three
common methods used to gain unauthorized access are password sharing, general password
guessing and password capturing. Password sharing allows an unauthorized user to have the LAN
access and privileges of a legitimate user; with the legitimate users knowledge and acceptance.
General password guessing is not a new means of unauthorized access. Password capturing is
a process in which a legitimate user unknowingly reveals the users login id and password. This
may be done through the use of a trojan horse program that appears to the user as a legitimate
login program; however, the trojan horse program is designed to capture passwords. Capturing
a login id and password as it is transmitted across the LAN unencrypted is another method used
to ultimately gain access. The methods to capture cleartext LAN traffic, including passwords, is
11