Cover V10, I12

Article

dec2001.tar

syslog

The SANS Institute recently updated and expanded their Top 10 Most Critical Internet Security Threats List. The new list identifies the Top Twenty vulnerabilities and is divided into three categories: General, Windows, and UNIX vulnerabilities. The vulnerabilities identified are:

General:
G1 -- Default installs of operating systems and applications
G2 -- Accounts with No Passwords or Weak Passwords
G3 -- Non-existent or Incomplete Backups
G4 -- Large number of open ports
G5 -- Not filtering packets for correct incoming and outgoing addresses
G6 -- Non-existent or incomplete logging
G7 -- Vulnerable CGI Programs

Windows:
W1 -- Unicode Vulnerability (Web Server Folder Traversal)
W2 -- ISAPI Extension Buffer Overflows
W3 -- IIS RDS exploit (Microsoft Remote Data Services)
W4 -- NETBIOS - unprotected Windows networking shares
W5 -- Information leakage via null session connections
W6 -- Weak hashing in SAM (LM hash)

UNIX:
U1 -- Buffer Overflows in RPC Services
U2 -- Sendmail Vulnerabilities
U3 -- BIND Weaknesses
U4 -- R commands
U5 -- lpd Remote print protocol daemon
U6 -- sadmind and mountd
U7 -- Default SNMP strings

Besides identifying weaknesses, the Top Twenty document provides instructions for correcting these system flaws. According to the SANS Web site, the list will be updated with additional information and vulnerabilities as they are identified. For each described vulnerability, the document now provides detailed information about the systems impacted, CVE entries (see cve.mitre.org for more information), how to determine whether your system is vulnerable, and how to protect against it.

The list also provides an appendix specifying commonly probed ports. SANS cautions that blocking these ports is only a minimum requirement for perimeter security, not a comprehensive firewall specification list. Also, blocking these ports does not constitute a comprehensive security solution. According to the site, "Even if the ports are blocked, an attacker who has gained access to your network via other means (a dial-up modem, a Trojan email attachment, or a person who is an organization insider, for example) can exploit these ports if not properly secured on every host system in your organization."

For comprehensive information about the new Top Twenty list, please see the SANS Web site at: www.sans.org.

Sincerely yours,

Amber Ankerholz
Editor in Chief

Ê