SANS/FBI Names Top 20 Network Threats

The SysAdmin, Audit, Network, Security (SANS) Institute, in conjunction
with the Federal Bureau of Investigation (FBI) has updated its
ever-changing Top 20 list of security threats, broken down by the two
largest operating systems used by corporate network — Windows and Unix.

The list, which “is especially intended for those organizations that lack
the resources to train, or those without technically-advanced security
administrators,” names security threats that are relatively easy for a
would-be cracker (a Black Hat hacker) or script-kiddie to exploit running a
port scanner. These scanners list the software and version used on the network and then create a blueprint they can use as they look for weaknesses.

Knowing the software version, for example, a cracker can run scripts aimed
at known flaws in the application, giving them back-door access to the
entire network, including personal information, passwords, or even the
ability to wreak havoc by flooding the network with denial of service (DoS)
or distributed DoS attacks.

Following is the most current Top 20 list of security weak spots.

Windows

  • Internet Information Services (IIS),
  • Microsoft Data Access Components (MDAC)
  • SQL Server,
  • NETBIOS,
  • anonymous logon – null
    sessions,

  • LAN Manager Authentication,
  • General Windows authentication,
  • Internet Explorer (IE),
  • remote registry access,
  • Windows scripting host.

    Unix

  • Remote Procedure Calls (RPC),
  • Apache Web Server,
  • Secure
    shell (SSH),

  • Simple Network Management Protocol (SNMP),
  • File Transfer
    Protocol (FTP)

  • R-Services – trust relationships,
  • Line printer daemon (LPD),
  • Sendmail,
  • BIND/DNS,
  • General Unix authentication

    Officials recommend network and system administrators concentrate their resources on the
    above list immediately before any other network fixes. They said disabling
    the network service, upgrading to the most recent version and applying a
    cumulative patch are the best quick-fixes to potentially leaky networks.

    Officials realize many IT departments in smaller firms — as well in major
    corporations — around the U.S. have been slow to patch its networks,
    either because they are under-funded or just unaware of the latest threats.

    Private and public companies, as well as government agencies, took part in
    gathering the list of most-damaging network threats. Security companies
    like Qualys, Symantec and Internet Security Systems
    comprised one testing group, while another group made
    up of actual corporations or government agencies comprised the other; both
    came up with their list of the most damaging vulnerabilities.

  • News Around the Web