syslog
According to the SANS Institute (http://www.sans.org), "the
majority of the successful attacks on operating systems come from
only a few software vulnerabilities. This can be attributed to the
fact that attackers are opportunistic, take the easiest and most
convenient route, and exploit the best-known flaws with the most
effective and widely available attack tools. They count on organizations
not fixing the problems, and they often attack indiscriminately,
scanning the Internet for any vulnerable systems."
To help administrators identify and prioritize weaknesses in the
systems they maintain, SANS has developed the following list of
Top Vulnerabilities to UNIX Systems:
- Remote Procedure Calls (RPC)
- Apache Web Server
- Secure Shell (SSH)
- Simple Network Management Protocol (SNMP)
- File Transfer Protocol (FTP)
- R-Services -- Trust Relationships
- Line Printer Daemon (LPD)
- Sendmail
- BIND/DNS
- General UNIX Authentication -- Accounts with No Passwords
or Weak Passwords
These Top Vulnerabilities are actually part of a larger Top Twenty
List; the other half lists the ten most commonly exploited Windows
services. The SANS site states that "the list is sorted by
service because in many cases a single remedy -- disabling the
service, upgrading to the most recent version, applying a cumulative
patch -- can quickly solve dozens of specific software flaws,
which might show up on a scanner. This list is designed to help
alleviate that problem by combining the knowledge of dozens of leading
security experts."
Besides identifying these weaknesses, the Top Twenty document
provides detailed information about the systems affected, how to
determine whether your system is vulnerable, how to protect against
the specific vulnerability, and pointers to additional information.
The SANS site also specifies some tools and services that can help
you find the Top Twenty vulnerabilities on your systems and networks.
These include both free (Nessus and SARA) and commercial (from Foundstone
and from ISS) software and commercial services (from Qualys). According
to the SANS Web site, the list will be updated with additional information
and vulnerabilities as they are identified. To find out more about
the new list or to provide feedback to the SANS team, see http://www.sans.org/top20/.
Sincerely yours,
Amber Ankerholz
Editor in Chief
|