Top 20 security holes
p2pnet.net News:- What’s the most critical Windows vulnerability (like you didn’t know ; ) ? Web servers and services. And the top Unix problems? The BINDÂ domain name system.
The Ten Most Critical Internet Security Vulnerabilities list was first released by the National Infrastructure Protection Center (NIPC) at the FBI four years back.
But actually, it’s not one, but two lists: the ten most commonly exploited vulnerable services in Windows; and, the ten most commonly exploited vulnerable services in UNIX and Linux.
“The SANS Top-20 is a living document,” says the site.
“It includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. We will update the list and the instructions as more critical threats and more current or convenient methods of protection are identified, and we welcome your input along the way. This is a community consensus document – your experience in fighting attackers and in eliminating the vulnerabilities can help others who come after you. Please send suggestions via e-mail to top20@sans.org”
Top Vulnerabilities to Windows Systems
- W1 Web Servers & Services
- W2 Workstation Service
- W3 Windows Remote Access Services
- W4 Microsoft SQL Server (MSSQL)
- W5 Windows Authentication
- W6 Web Browsers
- W7 File-Sharing Applications
- W8 LSAS Exposures
- W9 Mail Client
- W10 Instant Messaging
Top Vulnerabilities to UNIX Systems
- U1 BIND Domain Name System
- U2 Web Server
- U3 Authentication
- U4 Version Control Systems
- U5 Mail Transport Service
- U6 Simple Network Management Protocol (SNMP)
- U7 Open Secure Sockets Layer (SSL)
- U8 Misconfiguration of Enterprise Services NIS/NFS
- U9 Databases
- U10 Kernel
===================
See:-
Top-20 – The Twenty Most Critical Internet Security Vulnerabilities (Updated), October 8, 2004
October 12th, 2004 at 2:42 am
And for the practical side of threats,
look what ports are open on your system at grc.com!
https://grc.com/x/ne.dll?bh0bkyd2