
ISS Releases Q2 2002 Internet Risk Impact Summary Report

By ServerWatch Staff
Posted Jun 28, 2002


Internet Security Systems (ISS), a provider of information protection solutions, has released its Internet Risk Impact Summary Report (IRIS) for the second quarter of 2002. Internet Security Systems' IRIS provides cyber-attack trends based on the industry's largest number of monitored security devices, actual attacks detected and researched vulnerabilities.

The report includes statistical data and trend analysis derived from network and server-based intrusion detection sensors monitoring major multinational networks around the clock on four continents.

Here's a summary of the report's findings:

  • Risk Levels: Average risk level for second quarter 2002 continued to signal that a completely unprotected network device will be compromised in less than a day after connecting it to the Internet. April and May were relatively normal with only modest additional risk noted. June experienced a significant risk increase due to the well-publicized vulnerabilities and associated exploits for Apache Web server and OpenSSH. The Apache vulnerabilities may lead to modified Web content, denial of service, or further compromise. Apache accounts for over 63 percent of all active Web sites. A serious vulnerability in the default installation of OpenSSH on the OpenBSD operating system jeopardizes a secure replacement for protocols such as Telnet, Rlogin, Rsh, and FTP by making them vulnerable to a remote superuser compromise.
  • Hybrid Threats: Hybrid threats continue to pose the most significant online risk as previously reported. The Nimda worm continued to be the dominant, expensive and enduring hybrid threat in spite of a modest decrease in Nimda hits per hour as compared to the last reporting period. This slight change can be attributed to better clean-up efforts and more effective security measures. Most of the ongoing Nimda attacks are attributed to infected machines in small businesses and homes.
  • Vulnerabilities: During the quarter, 610 new vulnerabilities were uncovered and documented by the X-Force. These vulnerabilities included a major common flaw in Microsoft's SQL Server, which enables attackers to cause SQL Server services to fail or allow unauthorized access to the system. The most serious vulnerability and exploitation pair during this reporting period, though, was in the extremely popular open-source Apache Web server application. This vulnerability and exploitation may pose one of the most serious risks to Internet connectivity due to its ability to allow remote control of an undetermined number of Apache Web servers.
  • Destination Ports: Virtually unchanged from the first quarter report, nearly 70 percent of all attacks in the second quarter of 2002 used port 80, a common port devoted to Web traffic. A significant new port, port 1433, showed activity associated with the recently announced SQL worm. Over half a million SQL worm events from over 7,500 different sources were recorded this quarter, providing a good example of a known weakness being exploited by a worm that automatically seeks out the weakness and exploits it instantly. Also of note, this reporting period recorded an increase in scans targeting networks running port 21 (File Transfer Protocol or FTP), which is one of the oldest protocols and one of the most commonly exploited services on the Internet.
