T 2.24 Loss of confidentiality of sensitive data of the network to be protected
When a network that is not protected by a firewall is connected to an external network such as the Internet, it is possible to call up various data in the internal network such as e-mail addresses, IP numbers, computer names, and user names from the external network. This data could be used to deduce information on the internal architecture of the network and on its users. The more information an attacker has on potential targets for attack, the more opportunities for attack are available to the attacker. If an attacker knows the user names set up on an IT system, then he/she can attempt to guess the corresponding passwords or try to crack the password using dictionary attacks (see T 5.18 Systematic trying-out of passwords).