Cover V11, I12

syslog

According to the SANS Institute (http://www.sans.org), "the majority of the successful attacks on operating systems come from only a few software vulnerabilities. This can be attributed to the fact that attackers are opportunistic, take the easiest and most convenient route, and exploit the best-known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, scanning the Internet for any vulnerable systems."

To help administrators identify and prioritize weaknesses in the systems they maintain, SANS has developed the following list of Top Vulnerabilities to UNIX Systems:

  • Remote Procedure Calls (RPC)
  • Apache Web Server
  • Secure Shell (SSH)
  • Simple Network Management Protocol (SNMP)
  • File Transfer Protocol (FTP)
  • R-Services -- Trust Relationships
  • Line Printer Daemon (LPD)
  • Sendmail
  • BIND/DNS
  • General UNIX Authentication -- Accounts with No Passwords or Weak Passwords

These Top Vulnerabilities are actually part of a larger Top Twenty List; the other half lists the ten most commonly exploited Windows services. The SANS site states that "the list is sorted by service because in many cases a single remedy -- disabling the service, upgrading to the most recent version, applying a cumulative patch -- can quickly solve dozens of specific software flaws, which might show up on a scanner. This list is designed to help alleviate that problem by combining the knowledge of dozens of leading security experts."

Besides identifying these weaknesses, the Top Twenty document provides detailed information about the systems affected, how to determine whether your system is vulnerable, how to protect against the specific vulnerability, and pointers to additional information. The SANS site also specifies some tools and services that can help you find the Top Twenty vulnerabilities on your systems and networks. These include both free (Nessus and SARA) and commercial (from Foundstone and from ISS) software and commercial services (from Qualys). According to the SANS Web site, the list will be updated with additional information and vulnerabilities as they are identified. To find out more about the new list or to provide feedback to the SANS team, see http://www.sans.org/top20/.

Sincerely yours,

Amber Ankerholz
Editor in Chief