NTA Monitor

Latest News

Will IE6 be the next NT4?

1st October 2009 All penetration testers will remember the long tail of Windows NT 4.0, and how this operating system continued to be used long past the point when security updates stopped at the end of 2004. For many years the presence of an unpatchable NT4 server was a common issue in a penetration test report, and it is only now, almost five years after security support ended, that finding an NT4 system on a network is becoming a rare event. Read More

One in four web applications susceptible to high risk security flaws

7th September 2009 NTA Monitor has reported a 10% increase in the total number of web applications found to have at least one high-risk security issue... Read More

Organisations facing a changing threat landscape

20th July 2009 According to NTA Monitor's 2009 Annual Security Report, the average number of Internet security vulnerabilities is on the rise... Read More

The Return of the Insider Threat

1st July 2009 When NTA started security testing twelve years ago, the main focus was on the insider threat. There were many reports with statistics showing that most security breaches were due to insiders. By contrast there was very little focus on the external threat via Internet and third-party network links. Back then many companies did not even have a firewall. Read More

NTA Monitor's Annual Security Report 2006 released

NTA Monitor's 2006 Annual Security Report reveals that education is the most vulnerable sector to network attacks. Tests were conducted on a variety of sectors, including charities, education, finance, government, IT and retail.

The report discovered that 61% of companies tested have one or more high risk vulnerability in their Internet connections. NTA classifies a high risk flaw as a vulnerability that allows unauthorised external users to obtain system access. The vulnerability is widely known and actively exploited by hackers, leaving companies susceptible to Denial of Service attacks or remote system compromise.

Roy Hills, Technical Director at NTA Monitor, says: "The majority of the high risk flaws found were service specific, relating to the services that were accessible within the gateways tested. Nine of the ten most commonly occurring high risk issues fell within this area, with the remaining issue being Internet router related. An attacker who was aware of the programs being used and their flaws could exploit those vulnerabilities to gain network access or launch a Denial of Service attack."

The report analyses data gathered from vulnerability tests conducted by NTA Monitor during 2005 on UK and international companies in a wide range of industry sectors, including charities, education, finance, government, IT, law and retail. The industry sector with the highest number of vulnerabilities was education, with an average of 61 risks per test, followed by government with an average of 26 risks per test. The lowest number of risks per industry sector was found in the mining sector and housing associations, which each had an average of 11 risks per test.

Hills continues: "Of the companies tested, 99% had one or more informational risks indicating that typically companies have poor security housekeeping policies or lack the knowledge of how some Internet mechanisms work. These companies need to tighten their procedures and fix flaws as soon as they are discovered to further minimise the risk of attack."

Overall, the 2006 Annual Security Report findings show that although organisations tested have taken steps to reduce the amount of high risk security vulnerabilities on their networks, they are still too common, leaving companies and public sector organisations unnecessarily vulnerable.

You can request the full report from NTA Monitor by emailing marketing@nta-monitor.com.

This article was first released on: 28th June 2006