SANS/FBI Names Top 20 Network Threats - InternetNews.com

REALTIME IT NEWS

Blogs | 7 Day Summary | JustTechJobs

Hardware
- Gartner Projects Modest PC ...
- Memory Market Due for Big ...
- Google Aims Chrome OS at ...
Software
- IBM's Surprising Social ...
- Zero-Day Exploit a Threat to ...
- Leaked Slides: Windows 8 ...
Mobility
- Many Enterprises Clueless on ...
- Report: Droid, Motorola Big ...
- Second iPhone Worm Targets ...
Web Content
- Web Video Play Joost Calls ...
- Google, TiVo Deal on Data ...
- LinkedIn Opens Platform for ...
Search
- Yahoo Adds Twitter to News ...
- Factery Aims to Go Beyond ...
- Microsoft, Google Put the ...
Government
- Tech's H-1B Hiring Faces ...
- Oracle Gets a One-Week ...
- House Panel Moves Closer to ...
Developer
- Windows 7: From Beta to ...
- Google Shows Off Chrome OS, ...
- Microsoft Shows Off ...
Business
- Apple Joins AT&T/Verizon ...
- EDS Helps HP Exceeds Profit ...
- Ciena Wins Nortel Carrier ...
Storage
- Inside Western Digital's New ...
- Google Drops Storage Prices ...
- Cisco, VMware, EMC Forge ...
E-Commerce
- SideJackers Gear Up for ...
- Nielsen Forecasts Coal in ...
- Senate Panel Blasts ...
Networking
- VeriSign Boasts Tenfold ...
- HP Adds ProCurve One ...
- Brocade: Big Bandwidth, ...

Blogs
Most Popular
Hot Topics
Opinion

Ask.com heading back to the future

Details on new Intel chips leak out

Opera 10.10 browser released with built-in web server

Most U.S businesses not setup for remote workers?

Google Chrome gets Silverlight support on Macs

Google laughs off the 'Osborne Effect'

Blue Coat securing local networks with the Cloud

PHP 5.3.1 released for 5 security flaws, 113 bugs

Fedora 12 updates package installation policy

Mozilla earned $78.6 million in 2008

[ More ]

Subscribe
Learn More
Stats
Contact Staff

Select a newsletter and click Join to sign up!

InternetNews.com Podcast

InternetNews.com
Channel XML/RSS Feeds

InternetNews.com

IT Business News

Software IT News

Hardware IT News

Government News

Enterprise IT Planet News

Networking News

IT Security News

Web Content News

Click a Topic to Expand

The Social Web

The New Idiot Box

Feeling the Need for RSS Feeds

Apple vs. Bloggers

Enterprise Web 2.0

Politics And Web 2.0

Web Services Management

Web services: Evolution or Revolution

Making Money Off The Social Web

The Lure of The Social Network

The Privacy of Social Networking

My Grand Google Obsession

Coding Google's Future

Google Fun in The Summer

Google Pushes Apps

Google's Data Ambitions

Google's Way With Words

Google, Opponents Square Off in DoubleClick Bid

Microsoft's Past Present And Future

The Vista Ripple Effect

A New Era For Microsoft

Eolas, Microsoft Duke it Out over ActiveX

Microsoft Preps Security Makeover for XP

Microsoft's Security Challenge

Microsoft's Storage Ambitions

Microsoft, AOL Become Partners

Microsoft/Yahoo: Can It Work?

Sun, Microsoft Bandage Old Wounds

The Next Microsoft Era

Truth Time at Microsoft's PDC

XML, Microsoft Threaten Adobe's PDF Format

Will Office 2003 Change Everything?

Mobile Universe

Motorola in Trouble

City-Wide Wi-Fi

Connected in The Windy City

Ultrawideband in the Home

Wi-Fi's Hotspots

CTIA in The Big Easy

Technology, Policy and Politics

3G at Home and Abroad

The Competitive Mobile Landscape

CTIA: A Wireless World in Sin City

Gadget Fest: CTIA Wireless 2008

Wireless Policy in Washington

Cradle to Grave Information Management

Disaster Recovery and Continuity

The Storage Compliance Boom

Compliance, Regulation And Storage

Calling all Clusters, Supercomputers

Database Software Continues to Evolve

Tech's Legal Battles

Google in Court

RIM Has Patent Issues

Microsoft In Court

Technology in the Courts

End of the IE Antitrust Case

Microsoft's Legal Struggles

The AMD/Intel Antitrust Showdown

A Patent Battle on eBay Territory

Google, Microsoft and Yahoo's Three-Way Search Battle

Calling Net Neutrality

Microsoft's EU Blues

Vonage on The Patent Hot Seat

Platforms and New Packages

VMware and the Virtualization Craze

Virtualization for All

SOAs in The Enterprise

Application Server Biz on the Rebound

Curtain Drawn on Windows Server 2003

SaaS in The Market

Struggling to Stay Atop the Server Market

Web Standards Bodies Fight for Freedom

Open Source Ecosystem

Microsoft: Loosening the Grip on Source

Showcasing Java

Sun a 'Tiger' at JavaOne

The Future of Java

GPL: Software Freedom Redefined

Linux in the Enterprise

Linux on the Desktop

LinuxWorld 04: A More Mature Tux

LinuxWorld Storms San Francisco

LinuxWorld Takes Boston

LinuxWorld by the Bay

Oracle's Linux Realm

SCO Declares War on Linux

The Growth of Linux-Based Storage

The Linux Kernel

Novell, Microsoft in Open Dance

Open Source Open for Business

Open-source Databases Gathering Steam

Oracle Plants Flag at OpenWorld 2006

Evolution of Search

Competing for the Search Lead

Enterprise Search Ready for Prime Time

Mobile Search Takes Flight

Racing To Dominate Desktop Search

Search And Censorship

Search Engine Optimization

Search Meets Mapping

Thinner Slices of The Paid Search Pie


Partner With Us

SANS/FBI Names Top 20 Network Threats

Realizing many IT departments don't have the time, resources or inclination to plug up breaches in its network, a new report points out the biggest vulnerabilities by operating system.

Share this Article

Print this Article

Comment on this article

Email this Article

October 2, 2002
By Jim Wagner: More stories by this author:

The SysAdmin, Audit, Network, Security (SANS) Institute, in conjunction with the Federal Bureau of Investigation (FBI) has updated its ever-changing Top 20 list of security threats, broken down by the two largest operating systems used by corporate network -- Windows and Unix.

The list, which "is especially intended for those organizations that lack the resources to train, or those without technically-advanced security administrators," names security threats that are relatively easy for a would-be cracker (a Black Hat hacker) or script-kiddie to exploit running a port scanner. These scanners list the software and version used on the network and then create a blueprint they can use as they look for weaknesses.

Knowing the software version, for example, a cracker can run scripts aimed at known flaws in the application, giving them back-door access to the entire network, including personal information, passwords, or even the ability to wreak havoc by flooding the network with denial of service (DoS) or distributed DoS attacks.

Following is the most current Top 20 list of security weak spots.

RELATED ARTICLES

9/11 Worm Can't Squirm
Microsoft Airs Critical Identity Spoofing Flaws
New Active-X Vulnerability Discovered
CERT Amends DNS Flaw Fix
New Flaws Discovered on IE, Office
Latest IE Flaw an E-Commerce Threat?
PGP Flaw Leaves E-mails Vulnerable

Windows

Internet Information Services (IIS),

Microsoft Data Access Components (MDAC)

SQL Server,

NETBIOS,

anonymous logon - null sessions,

LAN Manager Authentication,

General Windows authentication,

Internet Explorer (IE),

remote registry access,

Windows scripting host.

Unix

Remote Procedure Calls (RPC),

Apache Web Server,

Secure shell (SSH),

Simple Network Management Protocol (SNMP),

File Transfer Protocol (FTP)

R-Services - trust relationships,

Line printer daemon (LPD),

Sendmail,

BIND/DNS,

General Unix authentication

LATEST NEWS

SideJackers Gear Up for Online Shopping Season

Apple Joins AT&T/Verizon Food Fight

Web Video Play Joost Calls It Quits, Sold to Ad Firm

Many Enterprises Clueless on Mobile Data: Study

Murdoch's Google Block Play Risky, Analysts Say

Officials recommend network and system administrators concentrate their resources on the above list immediately before any other network fixes. They said disabling the network service, upgrading to the most recent version and applying a cumulative patch are the best quick-fixes to potentially leaky networks.

Officials realize many IT departments in smaller firms -- as well in major corporations -- around the U.S. have been slow to patch its networks, either because they are under-funded or just unaware of the latest threats.

Private and public companies, as well as government agencies, took part in gathering the list of most-damaging network threats. Security companies like Qualys, Symantec and Internet Security Systems comprised one testing group, while another group made up of actual corporations or government agencies comprised the other; both came up with their list of the most damaging vulnerabilities.

Share this Article

Print this Article

Comment on this article

Email this Article

Developer Archives | 7 Day InternetNews Summary | Contact Jim Wagner | Back to top

Add internetnews.com
to your browser search box.

Receive news
via our XML/RSS:
feed

More InternetNews.com

Hardware	Software	Mobility	Web Content
After a Hot Autumn, Intel & AMD Business Cools Dell Sales, Earnings Fall Short of Expectations Google Shows Off Chrome OS, Releases Source	Microsoft's Dynamics ERP to Gain New Services Microsoft: No 'Back Door' in Windows 7 Oracle Gets a One-Week Extension on Sun Deal	Google Aims Chrome OS at 'Pro Netbook' Market Smartphone Set for Holiday Price War AT&T and Verizon Set for Court Battle	Facebook Becoming Online Video Hub Yahoo Adds Twitter to News Results Salesforce Debuts a Facebook for the Enterprise
Search	Government	Developer	Business
Microsoft, Google Put the Squeeze on Yahoo Google Books Still Faces Criticism After Revision Google Makes It Official, Grabs VoIP Firm Gizmo5	Web 2.0 Makeover Poses Big Risks for Gov't: Study Senate Panel Blasts E-Commerce 'Scams' U.S. Cybersecurity Can Halt 80% of Attacks at Best	Metasploit Expands Vulnerability Test Framework HyperCard Reborn? Fedora 12 Takes Aim at Linux Networking	Ciena Wins Nortel Carrier Ethernet, Optical Unit Memory Market Due for Big Shift in 2010 Tech's H-1B Hiring Faces 'Employ America Act'
Storage	E-Commerce	Networking	Security
Micron Flash Advance: Live Longer and Rewrite Storage Players Forge Cloud Initiative Hitachi Looks to the Cloud for Storage	Flickr-Snapfish Ties Boost Photo Print Options Microsoft Readies Free Ad-supported Office 2010 Global Internet Ad Spending Stabilizing: IDC	Brocade: Big Bandwidth, Small Routers MultiPoint Server 2010 Coming to the Classroom Nortel Completes Wireless Sale to Ericsson	Facebook Hit With New CSRF Worm Past Year's Malware Could Shape 2010's Threats Cisco Debuts 24/7 Security iPhone App

JustTechJobs.com

Unix Administrator with Vertias Cluster Server PC Support Technician Solaris Administrator

UNIX / C++ Software Engineer, Shell Scripts, Big Corp Experience Risk Developer - C# - T-SQL - ASP.Net (IL) Inside Sales Specialist (PA)

WebMediaBrands Corporate Info

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs

Whitepapers and eBooks

Articles: Build a More Agile Business with IBM
IBM Articles: Virtualization Delivers a Dynamic Infrastructure
Articles: IBM Offers Enhanced Measurement and Management for Energy Usage
Articles: IBM Helps Transformation to an Information-Based Enterprise
Microsoft Articles: Visual Studio 2010
Adobe Article: Adobe Helps PHP Developers Create Rich Internet Applications
Adobe Article: Java Developers Finding a Home at Adobe Flex
IBM Articles: A Smarter Business Needs Smarter Technology
Intel Xeon Processor Increases Server Efficiency and Capabilities
Intel Tech Brief: Automated Energy Efficiency for the Intelligent Enterprise

Oracle Whitepapers - Innovation for IT Leaders
Avaya Article: Communication-Enabled Mashups--Empowering Both Business Owners and IT
Internet.com eBook: IT Manager's Guide to Social Networking
Internet.com eBook: Get Ready for Windows 7
Microsoft Article: Expression Web 3--New Features for PHP Developers
Whitepapers: Manage Your Business Infrastracture with IBM
Whitepaper: Maximize Your Storage Investment with HP
Internet.com eBook: Becoming a Better Project Manager
Microsoft Article: Stress Free and Efficient Designer/Developer Collaboration
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Webcast: Connecting PHP to Microsoft Technologies
Video: Microsoft Partner Program Benefits
Video: Windows Azure Debugging Tips
SAP BusinessObjects Webcast: Unlock the Power of Reporting with Crystal Reports

IBM Webcast: Speed Business Innovation with Reduced Cost and Risk
Video: Deploy Applications on Windows Azure
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Download: Microsoft Visual Studio 2010 Beta 2
Downloads & Free Trials: Microsoft's New Efficiency Resource Center
Get the Windows 7 SDK

Free Trial: Red Gate SQL Backup Pro 6
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products
All About Botnets

MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES