Unauthorized LAN Access

LANs provide file sharing, printer sharing, file storage sharing, etc. Because resources are shared and not used solely by one individual, there is a need for control of the resources and accountability for their use. Unauthorized LAN access occurs when someone who is not authorized to use the LAN gains access to it (usually by acting as a legitimate user of the LAN).

Three common methods used to gain unauthorized access are password sharing, general password guessing and password capturing. Password sharing allows an unauthorized user to have the LAN access and privileges of a legitimate user, with the legitimate user’s knowledge and acceptance.

General password guessing is not a new means of unauthorized access. Password capturing is a process in which a legitimate user unknowingly reveals the user’s login ID and password. This may be done through the use of a trojan horse program that appears to the user as a legitimate login program; however, the trojan horse program is designed to capture passwords.

Capturing a login ID and password as they are transmitted across the LAN unencrypted is another method used to ultimately gain access. The methods to capture cleartext LAN traffic, including passwords, are readily available today. Unauthorized LAN access can occur by exploiting the following types of vulnerabilities:

  • Lack of, or insufficient, identification and authentication scheme.
  • Password sharing.
  • Poor password management or easy-to-guess passwords.
  • Using known system holes and vulnerabilities that have not been patched.
  • Single-user PCs that are not password protected at boot time.
  • Underutilization of PC locking mechanisms.
  • LAN access passwords that are stored in batch files on PCs.
  • Poor physical control of network devices.
  • Unprotected modems.
  • Lack of a time-out for login time period and log of attempts.
  • Lack of disconnect for multiple login failures and log of attempts.
  • Lack of ‘last successful login date/time’ and ‘unsuccessful login attempt’ notification and log.
  • Lack of real-time user verification (to detect masquerading).
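
The last items in the list above describe missing login controls: no disconnect after repeated failures, no log of attempts, and no ‘last successful login’ or ‘unsuccessful login attempt’ notice. The following added example (not part of the original text) sketches those three controls together. The threshold, lockout duration, class names and sample events are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

MAX_FAILURES = 3                  # assumed policy: disconnect after 3 failures
LOCKOUT = timedelta(minutes=15)   # assumed lockout duration

@dataclass
class Account:
    failures: int = 0                         # failed attempts since last success
    locked_until: Optional[datetime] = None
    last_success: Optional[datetime] = None

@dataclass
class LoginMonitor:
    accounts: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)   # every attempt is logged

    def attempt(self, user, ok, when):
        """Record one login attempt and return the message shown to the user."""
        acct = self.accounts.setdefault(user, Account())
        if acct.locked_until and when < acct.locked_until:
            self.audit_log.append((when, user, "REJECTED_LOCKED"))
            return "account locked"
        if not ok:
            acct.failures += 1
            self.audit_log.append((when, user, "FAILURE"))
            if acct.failures >= MAX_FAILURES:
                acct.locked_until = when + LOCKOUT
                self.audit_log.append((when, user, "LOCKOUT"))
                return "disconnected: too many failures"
            return "login failed"
        # On success, report prior activity so the legitimate user can notice
        # logins or failed attempts that were not their own.
        prev = acct.last_success.isoformat() if acct.last_success else "never"
        notice = f"last successful login: {prev}; failed attempts since: {acct.failures}"
        acct.failures, acct.last_success, acct.locked_until = 0, when, None
        self.audit_log.append((when, user, "SUCCESS"))
        return notice

T0 = datetime(2024, 1, 8, 9, 0)
# Constructed sample events: (user, password_correct, minutes after T0)
SAMPLE = [("alice", True, 0), ("bob", False, 0), ("bob", False, 1),
          ("bob", False, 2), ("bob", True, 3), ("alice", False, 60),
          ("alice", True, 120)]

def replay(events):
    mon = LoginMonitor()
    msgs = [mon.attempt(u, ok, T0 + timedelta(minutes=m)) for u, ok, m in events]
    return msgs, mon.audit_log

if __name__ == "__main__":
    for line in replay(SAMPLE)[0]:
        print(line)
```

In the sample, the fourth attempt for "bob" is rejected even though the password is correct, because the account is still inside its lockout window.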