In the late 1980s and early 1990s, the typical intrusion was fairly
straightforward. Intruders most often exploited relatively simple weaknesses,
such as poor passwords and misconfigured systems, that allowed greater access to
the system than was intended. Once on a system, the intruders exploited one or
another well-known, but usually unfixed, vulnerability to gain privileged
access, enabling them to use the system as they wished.
There was little need to be more sophisticated because these simple
techniques were effective. Vendors delivered systems with default settings that
made it easy to break into systems. Configuring systems in a secure manner was
not straightforward, and many system administrators did not have the time,
expertise, or tools to monitor their systems adequately for intruder activity.
Unfortunately, all these activities continue in 1996; however, more
sophisticated intrusions are now common. In eight years of operation, the CERT
Coordination Center has seen intruders demonstrate increased technical
knowledge, develop new ways to exploit system vulnerabilities, and create
software tools to automate attacks. At the same time, intruders with little
technical knowledge are becoming more effective as the sophisticated intruders
share their knowledge and tools.
Internet FAQ top