SANS/FBI Names Top 20 Network Threats
Page 1 of 1
The SysAdmin, Audit, Network, Security (SANS) Institute, in conjunction with the Federal Bureau of Investigation (FBI) has updated its ever-changing Top 20 list of security threats, broken down by the two largest operating systems used by corporate network -- Windows and Unix.
The list, which "is especially intended for those organizations that lack the resources to train, or those without technically-advanced security administrators," names security threats that are relatively easy for a would-be cracker (a Black Hat hacker) or script-kiddie to exploit running a port scanner. These scanners list the software and version used on the network and then create a blueprint they can use as they look for weaknesses.
Knowing the software version, for example, a cracker can run scripts aimed at known flaws in the application, giving them back-door access to the entire network, including personal information, passwords, or even the ability to wreak havoc by flooding the network with denial of service (DoS) or distributed DoS attacks.
Following is the most current Top 20 list of security weak spots.
Officials recommend network and system administrators concentrate their resources on the above list immediately before any other network fixes. They said disabling the network service, upgrading to the most recent version and applying a cumulative patch are the best quick-fixes to potentially leaky networks.
Officials realize many IT departments in smaller firms -- as well in major corporations -- around the U.S. have been slow to patch its networks, either because they are under-funded or just unaware of the latest threats.
Private and public companies, as well as government agencies, took part in
gathering the list of most-damaging network threats. Security companies
like Qualys, Symantec
and Internet Security Systems
comprised one testing group, while another group made
up of actual corporations or government agencies comprised the other; both
came up with their list of the most damaging vulnerabilities.