[iwar] [fc:'Top.10'.List.Of.Net.Security.Holes.Grows.To.20]

From: Fred Cohen (fc@all.net)
Date: 2001-10-02 20:11:47


'Top 10' List Of Net Security Holes Grows To 20 
By Steven Bonisteel, Newsbytes, 10/2/2001
http://www.newsbytes.com/news/01/170713.html

A pessimistic network administrator might say that computer security
just got twice as hard, now that a joint government-and-industry effort
to catalog the most critical Internet vulnerabilities doubled its count
to 20 from 10. 

However, the Bethesda, Md.-based System Administration, Networking, and
Security (SANS) Institute and the FBI's National Infrastructure
Protection Center are optimistic that network administrators who heed
the beefed up "SANS/FBI Top 20" list released Monday can help reduce the
impact of rampaging Internet worms like Code Red and improve their
defenses against the attacks most favored by hackers. 

"These few software vulnerabilities account for the majority of
successful attacks, simply because attackers are opportunistic - taking
the easiest and most convenient route," said SANS in a statement
accompanying the new list.  "They exploit the best known flaws with the
most effective and widely available attack tools.  They count on
organizations not fixing the problems, and they often attack
indiscriminately, scanning the Internet for any vulnerable systems."

SANS released its original "Top 10" list more than a year ago and most
recently updated it in June.  The new list is now divided into three
sections - one for vulnerabilities affecting all operating systems, and
a section each for administrators of Windows and Unix-based systems.

SANS says the Number 1 vulnerability affecting all platforms, addressed
only indirectly in the previous lists, is "default" installations of
operating systems that enable services users don't need - and may not
know they have installed - and so are not monitored or battened down.
SANS said the "vendor philosophy" behind software installation
procedures "is that it is better to enable functions that are not
needed, than to make the user install additional functions when they are
needed."

"This approach, although convenient for the user, creates many of the
most dangerous security vulnerabilities because users do not actively
maintain and patch software components they don't use," SANS said. 
"Those unpatched services provide paths for attackers to take over
computers."

During the recent outbreak of the Code Red and Nimda worms, security
experts speculated that it would be difficult to completely eradicate
rogue software that broke in to servers running Microsoft's IIS Web
services because many system operators remained unaware that the IIS
software was enabled on their PCs. 

SANS said default installations of software and vulnerable components
that are not patched are essentially the root cause of most of the
problems detailed on its Top 20 list. 

"For operating systems, default installations nearly always include
extraneous services and corresponding open ports," SANS said. 
"Attackers break into systems via these ports.  In most cases the fewer
ports you have open, the fewer avenues an attacker can use to compromise
your network."

"For applications, default installations usually include unneeded sample
programs or scripts.  One of the most serious vulnerabilities with Web
servers is sample scripts; attackers use these scripts to compromise the
system or gain information about it.  In most cases, the system
administrator whose system is compromised did not know that the sample
scripts were installed."
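The two SANS points above (extraneous services with open ports, and administrators not knowing what is listening) reduce in practice to one check: compare what a host actually listens on against the short list of services it is supposed to offer. The following script is an added example, not part of the Newsbytes article or of the SANS list. The `ss` output it parses is a constructed sample in the layout of `ss -ltn` on Linux, the allowlist is a hypothetical one for a web server, and `live_listeners()` is only needed when running it against a real host.

```python
"""Audit a host's listening sockets against an allowlist of expected services.

Added example (not from the article or from SANS).  Each listener that is
reachable from a non-loopback address and not on the allowlist is an
"extraneous service" in the sense SANS describes: it should be disabled,
firewalled, or explicitly accepted and patched.
"""
import re
import subprocess

# Constructed sample in the layout of `ss -Hltn` (Linux, iproute2); not
# captured from any real host.  Columns: State Recv-Q Send-Q Local Peer.
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22          0.0.0.0:*
LISTEN 0      511          0.0.0.0:80          0.0.0.0:*
LISTEN 0      128        127.0.0.1:631         0.0.0.0:*
LISTEN 0      50           0.0.0.0:111         0.0.0.0:*
LISTEN 0      128             [::]:22             [::]:*
LISTEN 0      80         127.0.0.1:3306        0.0.0.0:*
"""

# Hypothetical allowlist for a web server: the only ports that should be
# reachable from any interface.  Everything else is treated as unexpected.
ALLOWED_PORTS = {22, 80, 443}

# Local address is "addr:port"; addr may be 0.0.0.0, *, 127.0.0.1 or [::].
LOCAL_ADDR_RE = re.compile(r"^(?P<addr>.+):(?P<port>\d+)$")


def parse_listeners(ss_text):
    """Return (address, port) tuples for every LISTEN row in ss -ltn style output."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        m = LOCAL_ADDR_RE.match(fields[3])
        if not m:
            continue
        listeners.append((m.group("addr"), int(m.group("port"))))
    return listeners


def is_loopback(addr):
    """True for sockets bound only to the loopback interface."""
    return addr in ("127.0.0.1", "[::1]") or addr.startswith("127.")


def audit(listeners, allowed_ports):
    """Classify listeners as expected, loopback-only, or unexpected and externally reachable."""
    report = {"expected": [], "loopback_only": [], "unexpected": []}
    for addr, port in listeners:
        if is_loopback(addr):
            report["loopback_only"].append((addr, port))
        elif port in allowed_ports:
            report["expected"].append((addr, port))
        else:
            report["unexpected"].append((addr, port))
    return report


def live_listeners():
    """Collect listeners from the local Linux host (needs iproute2's ss)."""
    out = subprocess.run(["ss", "-Hltn"], capture_output=True, text=True, check=True).stdout
    return parse_listeners(out)


if __name__ == "__main__":
    result = audit(parse_listeners(SAMPLE_SS_OUTPUT), ALLOWED_PORTS)
    for addr, port in result["unexpected"]:
        print(f"UNEXPECTED {addr}:{port}  not on allowlist; disable, firewall or justify it")
    for addr, port in result["loopback_only"]:
        print(f"loopback-only {addr}:{port}  not remotely reachable; lower priority")
    for addr, port in result["expected"]:
        print(f"expected {addr}:{port}")
```

Loopback-only listeners are reported separately rather than ignored: they are not remote attack surface, but the same "I did not know that was installed" problem applies once an attacker has any local foothold, so they still belong in the inventory. Run the audit on a schedule and treat any new entry in `unexpected` as a change to investigate.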

Also high on the SANS/FBI list - in third spot - is an issue that many
administrators might not have included in their own lists of
vulnerabilities: "non-existent or incomplete backups."

"When an incident occurs - and it will occur in nearly every
organization," SANS said, "recovery from the incident requires
up-to-date backups and proven methods of restoring the data."

"Some organizations make daily backups, but never verify that the
backups are actually working," SANS said.  "Others construct backup
policies and procedures, but do not create restoration policies and
procedures.  Such errors are often discovered after a hacker has entered
systems and destroyed or otherwise ruined data."
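The failure SANS describes is a backup job that runs every night but has never been restored from. The check that closes that gap is a restore test: extract the archive somewhere scratch and compare the result, file by file, against digests recorded when the backup was taken. The script below is an added example, not from the article or from SANS; the helper names (`make_backup`, `verify_restore`, `demo`) are hypothetical and the files it backs up are constructed inline.

```python
"""Prove a backup is restorable, not merely that it was written.

Added example (not from the article or from SANS).  A backup "works" only
when a restore from it reproduces every file with the same content, so the
verification step restores into a scratch directory and compares SHA-256
digests against the manifest recorded at backup time.
"""
import hashlib
import os
import tarfile
import tempfile
import zlib


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root):
    """Map each file path relative to root to its SHA-256 digest."""
    result = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = sha256_of(full)
    return result


def make_backup(source_dir, archive_path):
    """Write a gzip tar of source_dir; return the manifest recorded at backup time."""
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(source_dir, arcname=".")
    return manifest(source_dir)


def verify_restore(archive_path, recorded_manifest):
    """Restore the archive into a scratch directory and compare it to the manifest.

    Returns (ok, problems): ok is True only if extraction succeeds, every
    recorded file is present after restore, and every digest matches.
    """
    problems = []
    # The 'data' extraction filter (Python 3.12, backported to 3.8.17+) refuses
    # absolute paths and path traversal in archive members; use it when present.
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as restore_dir:
        try:
            with tarfile.open(archive_path, "r:gz") as tar:
                tar.extractall(restore_dir, **extract_kwargs)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            return False, [f"restore failed: {exc}"]
        restored = manifest(restore_dir)
        for rel, digest in recorded_manifest.items():
            if rel not in restored:
                problems.append(f"missing after restore: {rel}")
            elif restored[rel] != digest:
                problems.append(f"content mismatch: {rel}")
    return not problems, problems


def demo(corrupt=False):
    """Back up a constructed sample tree, optionally damage the archive, then verify."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "data")
        os.makedirs(os.path.join(src, "etc"))
        with open(os.path.join(src, "etc", "app.conf"), "w") as f:
            f.write("listen=443\n")            # constructed sample content
        with open(os.path.join(src, "records.db"), "wb") as f:
            f.write(os.urandom(4096))         # constructed sample content
        archive = os.path.join(work, "nightly.tar.gz")
        recorded = make_backup(src, archive)
        if corrupt:
            # Simulate a damaged backup medium by truncating the archive.
            with open(archive, "r+b") as f:
                f.truncate(os.path.getsize(archive) // 2)
        return verify_restore(archive, recorded)


if __name__ == "__main__":
    print("intact archive:", demo())
    print("truncated archive:", demo(corrupt=True))
```

The manifest must be stored apart from the archive it describes; if both live on the same medium, the corruption scenario in `demo(corrupt=True)` can take the evidence with it. A scheduled restore test of this form is also the "restoration procedure" SANS notes many organizations never write down.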

The complete SANS/FBI Top 20 list, which the organizations said was
compiled with the help of nearly 60 computer security experts, can be
found at http://www.sans.org/top20.htm .


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:53 PST