
Top twenty Internet security vulnerabilities

The US Department of Homeland Security, the UK National Infrastructure Security Coordination Centre (NISCC), and the Government of Canada's Office of Critical Infrastructure Protection and Emergency Preparedness (OCIPEP), along with the SANS Institute, yesterday released a list of the Internet security vulnerabilities that are most commonly exploited by hackers. The list defines an absolute minimum level of security protection for computers that may be connected to networks. Hundreds of automated attack programs take advantage of these vulnerabilities, so their elimination is essential as a first line of defence to protect the privacy of information stored on systems and to avoid having systems taken over and used in attacks on other victims.

“Internet vulnerabilities, or weaknesses, are a global problem. They affect all of us - from corporate giants to home users. It is therefore vital that we continue to tackle this problem,” said Steve Cummings, director of NISCC. He went on to say, “Our colleagues at the SANS institute have been undertaking essential work and we have been pleased to add our own expertise. We have helped to produce descriptions and remedial advice.”

The Top 20 team, under director Erik Kamerling, not only listed the vulnerabilities but also developed a consensus guide explaining them and showing how to correct each one. The guide and the list are available at www.sans.org/top20

The top twenty list is as follows:

Top vulnerabilities to Windows systems
• W1 Internet Information Services (IIS)
• W2 Microsoft SQL Server (MSSQL)
• W3 Windows Authentication
• W4 Internet Explorer (IE)
• W5 Windows Remote Access Services
• W6 Microsoft Data Access Components (MDAC)
• W7 Windows Scripting Host (WSH)
• W8 Microsoft Outlook and Outlook Express
• W9 Windows Peer to Peer File Sharing (P2P)
• W10 Simple Network Management Protocol (SNMP)

Top vulnerabilities to UNIX systems
• U1 BIND Domain Name System
• U2 Remote Procedure Calls (RPC)
• U3 Apache Web Server
• U4 General UNIX Authentication Accounts with No Passwords or Weak Passwords
• U5 Clear Text Services
• U6 Sendmail
• U7 Simple Network Management Protocol (SNMP)
• U8 Secure Shell (SSH)
• U9 Misconfiguration of Enterprise Services NIS/NFS
• U10 Open Secure Sockets Layer (SSL).

Date: 14th October 2003 • Region: UK/N. America/Worldwide • Type: Article • Topic: ISM



Copyright 2003 Portal Publishing Ltd