The Fifth Annual Monitor Security Audit, published last month by internet security company NTA Monitor, found that risks present on corporate firewalls tested by NTA have risen by almost a fifth (17%) since 2000.
Almost a third (31%) of companies tested by NTA Monitor in its Regular Monitor security testing service during 2002 are leaving their networks vulnerable to attack by installing firewall VPNs in their default configuration or by failing to follow best practice security principles.
Roy Hills, technical director of NTA Monitor, said:
"One of the most frequently discovered lower priority flaws leaves internet routers exposed to trivial denial of service attacks, preventing any traffic from entering or leaving the site."
"Disruption at this level has an enormous effect on operations - preventing staff sending or receiving external e-mails, customers from buying off your e-commerce site, partners from accessing extranet information, or remote VPN sites from accessing central files and databases. Annoyance aside, such downtime results in loss of productivity coupled with direct and indirect financial losses."
The most common security risk relates to basic mistakes in the firewall management and the configuration of VPN services, allowing the VPN to be located and profiled, according to a follow-up report issued on Friday.
Hills said,
"The critical nature of data access over VPNs and the operational reliance on up-time of the corporate firewall means that corporates should ensure firewalls are installed and configured correctly. It is a key security principle to keep your firewall and remote connections hidden from unauthorised users - if a firewall can't be detected then it can't be hacked."
According to NTA Monitor, by polling the services offered on standard proprietary ports a hacker can identify the type of firewall VPN installed (and occasionally the version). Having identified the firewall, a hacker can target it for known exploits or maintain a record of its profile to run against new threats.
NTA Monitor advises firms wherever possible to keep firewalls and remote connections hidden to all but authorised IP addresses to prevent access by unauthorised users. It also recommends that firms avoid allowing access to sequential IP address ranges that could be predicted.
A best practice guide on securing a firewall VPN has been published by the company and is available at:
www.nta-monitor.com/vpn/good-practice.htm