Unauthorized Computer Access Report Status for 2006

January 31, 2007

  IT Security Center
Information-technology Promotion Agency, Japan (IPA)

This summary covers the status of unauthorized computer access reports for January to December 2006, as aggregated by IPA.

1. Reported Numbers

The number of unauthorized computer access reports for 2006 was 331, a decrease of about 36% from 515 in the previous year. The following graph shows the change in the number of reports accepted by the IPA Security Center over the past 10 years.

Unauthorized Computer Access Over the Past 10 Years (1997-2006)

2. Reports Classified

In 2006, the number of access probe reports decreased drastically compared with 2005. The total number of reports also decreased drastically; however, the number of reports involving actual damage declined only slightly (about 8%).

Reported Types for Unauthorized Computer Access for 2006

*1) “Access Probe (Attempt)” means that attempts at unauthorized computer access were recognized in server/firewall logs.
*2) “Worm Probe” means that access by a worm was detected but no damage from infection occurred.

| Reported Type | 2006 | 2005 |
|---|---|---|
| Intrusion | 94 | 98 |
| Unauthorized Mail Relay | 1 | 8 |
| Worm Infection | 16 | 8 |
| DoS | 12 | 21 |
| Source Address Spoofing | 7 | 6 |
| Others (Damaged) | 32 | 35 |
| Access Probe (Attempt) | 159 | 325 |
| Worm Probe | 5 | 7 |
| Others (Not Damaged) | 5 | 7 |
| Total | 331 (162) | 515 (176) |

3. Damage Contents

The following graph and chart show the types of damage contents in the reports that involved actual damage. The number of damage contents increased slightly, by about 11%. A number of the damage reports involved alteration or modification of files (including embedding of malicious code) and of home pages.

Damage Contents Caused by Unauthorized Computer Access for 2006

| Damage Contents | 2006 | 2005 |
|---|---|---|
| Unauthorized Mail Relay | 2 | 9 |
| Server Downing | 0 | 6 |
| Creation of Unauthorized Accounts | 1 | 4 |
| Alteration of Home Pages | 34 | 32 |
| Password Theft | 0 | 1 |
| Service Lowering | 16 | 16 |
| Opened Proxy | 0 | 1 |
| Modification of Files | 92 | 69 |
| Others | 84 | 68 |
| Total | 229 (*) | 206 (*) |

* Since a single report may contain multiple damage contents, the total of damage contents may not equal the number of reports.

4. Type of Reporter

In the breakdown of reporters, the share of reports from individuals decreased but still accounted for over 58% of all reporters. In contrast, the shares from general corporations and education/research institutions increased; in particular, the number of reports from education/research institutions is increasing. As an overall tendency, it can be assumed that unauthorized computer accesses that attack corporations and individual users indiscriminately remain as numerous as before.

Type of Reporters for Unauthorized Computer Access

5. Damage Cause

When the reports involving actual damage are categorized by cause, the major causes were insufficient ID/password management or configuration with 46 cases (28%), use of older versions or failure to install patches with 31 (19%), and insufficient configuration with 6 (4%). In 57 cases (35%) the cause could not be identified; it can be assumed that in a number of instances the cause was hard to identify and that the methods of unauthorized computer access are also becoming more sophisticated.

Damage Cause for 2006

| Damage Causes | 2006 | 2005 |
|---|---|---|
| Insufficient ID/Password Management / Setups | 46 | 42 |
| Use of Older Version/Patches are not Installed | 31 | 28 |
| Insufficient Setups | 6 | 14 |
| Unidentified | 57 | 60 |
| Others (DoS, etc.) | 22 | 32 |
| Total | 162 | 176 |

6. Information of Countermeasures

A notable feature of 2006 was the large number of damage cases in which systems were intruded upon through attacks on the port used for SSH (the main cause being insufficient ID/password configuration) and cases in which vulnerabilities of Web and/or applications were exploited. However, most of them could have been prevented if fundamental security measures had been taken. Accordingly, system administrators should check the following items from the viewpoint of fundamental security and rebuild comprehensive countermeasures.

  • Strict management/configuration of ID and password
  • Resolving security holes (including operational workarounds as a preventive measure where patches cannot be applied)
  • Configuration of routers/firewalls and/or configuration of access control
  • Frequently checking logs
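
As an added illustration of the log-checking item (not part of IPA's report), the following Python sketch scans sshd log lines and separates sources that only guessed passwords, which correspond to the report's "Access Probe (Attempt)", from sources where a password login succeeded after repeated failures, which is a possible intrusion through weak ID/password settings. The log lines are constructed samples in OpenSSH syslog format, and the function name and the threshold of 3 failures are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (not real incident data).
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Jan 10 03:12:03 host sshd[811]: Failed password for invalid user test from 203.0.113.5 port 40124 ssh2
Jan 10 03:12:05 host sshd[812]: Failed password for root from 203.0.113.5 port 40130 ssh2
Jan 10 03:15:40 host sshd[820]: Failed password for guest from 198.51.100.7 port 51200 ssh2
Jan 10 03:15:42 host sshd[821]: Failed password for guest from 198.51.100.7 port 51202 ssh2
Jan 10 03:15:44 host sshd[822]: Failed password for guest from 198.51.100.7 port 51204 ssh2
Jan 10 03:15:46 host sshd[823]: Accepted password for guest from 198.51.100.7 port 51206 ssh2
Jan 10 09:00:12 host sshd[900]: Failed password for alice from 192.0.2.10 port 60000 ssh2
Jan 10 09:00:20 host sshd[901]: Accepted password for alice from 192.0.2.10 port 60002 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def classify_sources(log_text, threshold=3):
    """Return {source_ip: verdict} for sources with at least `threshold` failed logins."""
    failures = defaultdict(int)
    guessed = {}  # source -> (account, failures seen before the first accepted login)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        outcome, user, src = m.groups()
        if outcome == "Failed":
            failures[src] += 1
        elif failures[src] >= threshold and src not in guessed:
            guessed[src] = (user, failures[src])
    report = {}
    for src, count in failures.items():
        if count < threshold:
            continue  # one mistyped password is not treated as a probe
        if src in guessed:
            user, before = guessed[src]
            report[src] = f"possible intrusion: '{user}' logged in after {before} failures"
        else:
            report[src] = f"access probe (attempt): {count} failures, no login"
    return report

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_LOG).items()):
        print(src, "->", verdict)
```
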

In addition to the above, individual users should routinely take the following measures.

  • Updating OSs and application software, for example through Windows Update and/or Office Update
  • Configuration/management of your password (i.e., make it complex, change it periodically, keep it secret from third parties, etc.)
  • Confirming the security configuration of wireless LAN and/or PC sharing
  • Activation of routers/firewalls

Contact

IT Security Center, Information-technology Promotion Agency, Japan (IPA/ISEC)
Tel:+81-3-5978-7527
Fax:+81-3-5978-7518
E-mail: Please feel free to call at +81-3-5978-7517.