Workstations and home PCs may not be as prone to attack as
networks or servers, but since they often contain sensitive data,
such as credit card information, they are targeted by system
crackers. Workstations can also be co-opted without the user's
knowledge and used by attackers as "slave" machines in coordinated
attacks. For these reasons, knowing the vulnerabilities of a
workstation can save users the headache of reinstalling the
operating system, or worse, recovering from data theft.
Bad passwords are one of the easiest ways for an attacker to
gain access to a system. For more on how to avoid common pitfalls
when creating a password, refer to Section 4.3 Password
Security.
Although an administrator may have a fully secure and patched
server, that does not mean remote users are secure when accessing
it. For instance, if the server offers Telnet or FTP services over
a public network, an attacker can capture the plain text usernames
and passwords as they pass over the network, and then use the
account information to access the remote user's workstation.
Even when using secure protocols, such as SSH, a remote user may
be vulnerable to certain attacks if they do not keep their client
applications updated. For instance, v.1 SSH clients are vulnerable
to an X-forwarding attack from malicious SSH servers. Once
connected to the server, the attacker can quietly capture any
keystrokes and mouse clicks made by the client over the network.
This problem was fixed in the v.2 SSH protocol, but it is up to the
user to keep track of what applications have such vulnerabilities
and update them as necessary.
Chapter 4 Workstation
Security discusses in more detail what steps administrators
and home users should take to limit the vulnerability of computer
workstations.
