RealTime IT News

SANS/FBI Names Top 20 Network Threats

The SysAdmin, Audit, Network, Security (SANS) Institute, in conjunction with the Federal Bureau of Investigation (FBI) has updated its ever-changing Top 20 list of security threats, broken down by the two largest operating systems used by corporate network -- Windows and Unix.

The list, which "is especially intended for those organizations that lack the resources to train, or those without technically-advanced security administrators," names security threats that are relatively easy for a would-be cracker (a Black Hat hacker) or script-kiddie to exploit running a port scanner. These scanners list the software and version used on the network and then create a blueprint they can use as they look for weaknesses.

Knowing the software version, for example, a cracker can run scripts aimed at known flaws in the application, giving them back-door access to the entire network, including personal information, passwords, or even the ability to wreak havoc by flooding the network with denial of service (DoS) or distributed DoS attacks.

Following is the most current Top 20 list of security weak spots.


  • Internet Information Services (IIS),
  • Microsoft Data Access Components (MDAC)
  • SQL Server,
  • anonymous logon - null sessions,
  • LAN Manager Authentication,
  • General Windows authentication,
  • Internet Explorer (IE),
  • remote registry access,
  • Windows scripting host.


  • Remote Procedure Calls (RPC),
  • Apache Web Server,
  • Secure shell (SSH),
  • Simple Network Management Protocol (SNMP),
  • File Transfer Protocol (FTP)
  • R-Services - trust relationships,
  • Line printer daemon (LPD),
  • Sendmail,
  • General Unix authentication

    Officials recommend network and system administrators concentrate their resources on the above list immediately before any other network fixes. They said disabling the network service, upgrading to the most recent version and applying a cumulative patch are the best quick-fixes to potentially leaky networks.

    Officials realize many IT departments in smaller firms -- as well in major corporations -- around the U.S. have been slow to patch its networks, either because they are under-funded or just unaware of the latest threats.

    Private and public companies, as well as government agencies, took part in gathering the list of most-damaging network threats. Security companies like Qualys, Symantec and Internet Security Systems comprised one testing group, while another group made up of actual corporations or government agencies comprised the other; both came up with their list of the most damaging vulnerabilities.