4 April 2002
Nearly 70% of attacks on computer networks used web server port 80 during the first quarter of 2002, according to security software and services vendor Internet Security Systems (ISS).
Port 80 is primarily used for Internet traffic – sending web pages and other documents over the Internet, based on the Hypertext Transfer Protocol (HTTP). Unless it is protected, organisations using port 80 to handle their web traffic could be vulnerable to an attack.
To reduce this threat, organisations need to take a number of measures, such as turning off web server functions that are not in use, says ISS. In addition, ISS recommends installing intrusion detection software in order to keep a closer watch over port 80 and to sound an alarm over any dubious activity. A number of open source packages are available that can do this, including Tripwire and Snort.
ISS also highlights the additional threat to organisations from “hybrid” attacks. Hybrid threats, such as the Nimda and Code Red computer worms, which wreaked havoc with IT systems in the second half of 2001, combine a viral payload with multiple automated attack scripts.
ISS monitored more than 7.5 million hybrid-related attacks during the first quarter of 2002. In fact, both Code Red and Nimda, which alone registered 3,500 attacks per hour in early 2002, are still going strong as a result of organisations running unpatched Microsoft Windows NT and 2000 operating systems.
Despite an increased awareness of security issues, many organisations are lagging. ISS warned: “Organisations that have carefully assessed the effectiveness of their Internet risk counter-measures but have not improved network, server and desktop protection since the beginning of last quarter have fallen behind the threat curve and may experience a security incident.”