syslog
The SANS Institute recently updated and expanded their Top 10 Most
Critical Internet Security Threats List. The new list identifies the
Top Twenty vulnerabilities and is divided into three categories: General,
Windows, and UNIX vulnerabilities. The vulnerabilities identified
are:
General:
G1 -- Default installs of operating systems and applications
G2 -- Accounts with No Passwords or Weak Passwords
G3 -- Non-existent or Incomplete Backups
G4 -- Large number of open ports
G5 -- Not filtering packets for correct incoming and outgoing
addresses
G6 -- Non-existent or incomplete logging
G7 -- Vulnerable CGI Programs
Windows:
W1 -- Unicode Vulnerability (Web Server Folder Traversal)
W2 -- ISAPI Extension Buffer Overflows
W3 -- IIS RDS exploit (Microsoft Remote Data Services)
W4 -- NETBIOS - unprotected Windows networking shares
W5 -- Information leakage via null session connections
W6 -- Weak hashing in SAM (LM hash)
UNIX:
U1 -- Buffer Overflows in RPC Services
U2 -- Sendmail Vulnerabilities
U3 -- BIND Weaknesses
U4 -- R commands
U5 -- lpd Remote print protocol daemon
U6 -- sadmind and mountd
U7 -- Default SNMP strings
Besides identifying weaknesses, the Top Twenty document provides
instructions for correcting these system flaws. According to the
SANS Web site, the list will be updated with additional information
and vulnerabilities as they are identified. For each described vulnerability,
the document now provides detailed information about the systems
impacted, CVE entries (see cve.mitre.org for more information),
how to determine whether your system is vulnerable, and how to protect
against it.
The list also provides an appendix specifying commonly probed
ports. SANS cautions that blocking these ports is only a minimum
requirement for perimeter security, not a comprehensive firewall
specification, and that blocking them alone does not constitute
a complete security solution. According to the site, "Even
if the ports are blocked, an attacker who has gained access to your
network via other means (a dial-up modem, a Trojan email attachment,
or a person who is an organization insider, for example) can exploit
these ports if not properly secured on every host system in your
organization."
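The caveat SANS makes above is that a perimeter block does nothing for a host reached from inside the network, so the services behind those ports have to be checked on every host. The following is an added example written for this column, not code from SANS or from the Top Twenty document: it parses `ss -ltn`-style listening-socket output and flags services from the list above (sendmail, BIND, RPC, NetBIOS/SMB, the r commands, lpd) that are bound to anything other than a loopback address. The port-to-service mapping is the editor's own, built from the well-known ports of the services named in the list; it is not the port appendix from the SANS document. The sample socket listing is constructed.

```python
import ipaddress

# Well-known ports of services named in the Top Twenty items above
# (editor's mapping, not the SANS port appendix).
WATCHED_PORTS = {
    25: "sendmail (U2)",
    53: "BIND (U3)",
    111: "RPC portmapper (U1/U6)",
    137: "NetBIOS name service (W4)",
    139: "NetBIOS session service (W4/W5)",
    445: "SMB over TCP (W4/W5)",
    513: "rlogin (U4)",
    514: "rsh (U4)",
    515: "lpd (U5)",
}


def split_local_address(field):
    """Split an ss/netstat 'addr:port' field into (ip_address, port).

    Handles bracketed IPv6 such as '[::]:515' and the '*' wildcard
    some netstat builds print for 'any address'.
    """
    host, _, port = field.rpartition(":")
    host = host.strip("[]")
    if host == "*":
        host = "0.0.0.0"
    return ipaddress.ip_address(host), int(port)


def is_reachable_from_network(addr):
    """Only a loopback binding is host-local; a wildcard or a real
    interface address can be reached by another machine on the LAN."""
    return not addr.is_loopback


def audit_listeners(ss_output, watched=WATCHED_PORTS):
    """Parse `ss -ltn`-style output and return (port, address, service)
    for every watched service that is reachable from the network,
    sorted by port number."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip the header line and anything that is not a listening socket.
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = split_local_address(fields[3])
        if port in watched and is_reachable_from_network(addr):
            findings.append((port, str(addr), watched[port]))
    return sorted(findings)


# Constructed sample output in the layout of `ss -ltn`; not a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:25         0.0.0.0:*
LISTEN  0       50      0.0.0.0:445          0.0.0.0:*
LISTEN  0       128     0.0.0.0:111          0.0.0.0:*
LISTEN  0       128     [::]:515             [::]:*
LISTEN  0       128     10.0.0.5:139         0.0.0.0:*
LISTEN  0       128     [::1]:53             [::]:*
"""

if __name__ == "__main__":
    # Expected: 111, 139, 445 and 515 are flagged; sendmail and BIND are
    # loopback-only and sshd on 22 is not on the watch list.
    for port, addr, service in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {port:>5} bound to {addr:<10} {service}")
```

On a real host, pipe the output of `ss -ltn` (or `netstat -ltn`) into `audit_listeners`; the same parser works for UDP if the listing is taken with `-lun`, which is how the default SNMP strings item (U7, port 161/udp) would be covered.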
For comprehensive information about the new Top Twenty list, please
see the SANS Web site at: www.sans.org.
Sincerely yours,
Amber Ankerholz
Editor in Chief