From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Tue, 2 Oct 2001 20:11:47 -0700 (PDT)
Subject: [iwar] [fc:'Top.10'.List.Of.Net.Security.Holes.Grows.To.20]
Message-Id: <200110030311.UAA10560@big.all.net>
Reply-To: iwar@yahoogroups.com
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Organization: I'm not allowed to say
X-Mailer: don't even ask

'Top 10' List Of Net Security Holes Grows To 20
By Steven Bonisteel, Newsbytes, 10/2/2001
http://www.newsbytes.com/news/01/170713.html

A pessimistic network administrator might say that computer security
just got twice as hard, now that a joint government-and-industry effort to catalog the most critical Internet vulnerabilities doubled its count to 20 from 10.

However, the Bethesda, Md.-based System Administration, Networking, and Security (SANS) Institute and the FBI's National Infrastructure Protection Center are optimistic that network administrators who heed the beefed-up "SANS/FBI Top 20" list released Monday can help reduce the impact of rampaging Internet worms like Code Red and improve their defenses against the attacks most favored by hackers.

"These few software vulnerabilities account for the majority of successful attacks, simply because attackers are opportunistic - taking the easiest and most convenient route," said SANS in a statement accompanying the new list. "They exploit the best known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, scanning the Internet for any vulnerable systems."

SANS released its original "Top 10" list more than a year ago and most recently updated it in June. The new list is divided into three sections: one for vulnerabilities affecting all operating systems, and one each for administrators of Windows and Unix-based systems.

SANS says the Number 1 vulnerability affecting all platforms, addressed only indirectly in the previous lists, is "default" installations of operating systems that enable services users don't need - and may not know they have installed - and so are not monitored or battened down. SANS said the "vendor philosophy" behind software installation procedures "is that it is better to enable functions that are not needed, than to make the user install additional functions when they are needed."

"This approach, although convenient for the user, creates many of the most dangerous security vulnerabilities because users do not actively maintain and patch software components they don't use," SANS said. "Those unpatched services provide paths for attackers to take over computers."

During the recent outbreak of the Code Red and Nimda worms, security experts speculated that it would be difficult to completely eradicate rogue software that broke into servers running Microsoft's IIS Web services because many system operators remained unaware that IIS software was enabled on their PCs.

SANS said default installations of software and vulnerable components that are not patched are essentially the root cause of most of the problems detailed on its Top 20 list.

"For operating systems, default installations nearly always include extraneous services and corresponding open ports," SANS said. "Attackers break into systems via these ports. In most cases the fewer ports you have open, the fewer avenues an attacker can use to compromise your network."

"For applications, default installations usually include unneeded sample programs or scripts. One of the most serious vulnerabilities with Web servers is sample scripts; attackers use these scripts to compromise the system or gain information about it. In most cases, the system administrator whose system is compromised did not know that the sample scripts were installed."

Also high on the SANS/FBI list - in third spot - is an issue that many administrators might not have included in their own lists of vulnerabilities: "non-existent or incomplete backups."

"When an incident occurs - and it will occur in nearly every organization," SANS said, "recovery from the incident requires up-to-date backups and proven methods of restoring the data."

"Some organizations make daily backups, but never verify that the backups are actually working," SANS said. "Others construct backup policies and procedures, but do not create restoration policies and procedures. Such errors are often discovered after a hacker has entered systems and destroyed or otherwise ruined data."

The complete SANS/FBI Top 20 list, which the organizations said was compiled with the help of nearly 60 computer security experts, can be found at http://www.sans.org/top20.htm .

------------------
http://all.net/

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
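Editor's added example, not part of the Newsbytes article, the SANS/FBI list or the original list post: a POSIX shell self-check for the three root causes the article singles out, extraneous listening services on a default install, sample scripts left under the Web root, and backups that are made daily but never restore-tested. The port allowlist (ALLOWED_PORTS), the sample-file names (SAMPLE_FILES), the `ss -ltn` sample output and the constructed source tree in demo() are all assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not code from the Newsbytes article, SANS or the list post.
# Three self-checks for the root causes the article names: extraneous
# listening services, sample scripts left under the web root, and backups
# that are made but never restore-tested. The port allowlist, sample-file
# names and the ss(8) output below are assumptions constructed for the demo.

# ---- Check 1: listening ports that are not on the allowlist ----------------
# ALLOWED_PORTS is an assumed per-host policy; anything else is "extraneous".
ALLOWED_PORTS="${ALLOWED_PORTS:-22 443}"

# unexpected_ports: reads `ss -ltn` (or `netstat -ltn`) output on stdin and
# prints every listening port not in ALLOWED_PORTS, one per line.
unexpected_ports() {
    # drop the header row; column 4 is "Local Address:Port"
    sed 1d | while read -r _state _rxq _txq addr _rest; do
        port=${addr##*:}                 # handles 0.0.0.0:80 and [::]:111
        case " $ALLOWED_PORTS " in
            *" $port "*) ;;              # expected service, say nothing
            *) printf '%s\n' "$port" ;;
        esac
    done
}

# Constructed `ss -ltn` output standing in for a real host.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:80          0.0.0.0:*
LISTEN  0       50      127.0.0.1:25        0.0.0.0:*
LISTEN  0       128     [::]:111            [::]:*'

# ---- Check 2: sample scripts left under the web root -----------------------
# A few sample files that shipped with Apache and IIS of that era; the list
# is illustrative, not exhaustive.
SAMPLE_FILES="printenv test-cgi showcode.asp codebrws.asp"

# find_sample_scripts WEBROOT: prints the path of every matching file.
find_sample_scripts() {
    for name in $SAMPLE_FILES; do
        find "$1" -type f -name "$name" 2>/dev/null
    done
}

# ---- Check 3: restore-test the backup instead of trusting it ---------------
# make_backup SRC ARCHIVE: the "daily backup" step itself.
make_backup() {
    tar -C "$1" -cf "$2" .
}

# verify_backup SRC ARCHIVE: restores ARCHIVE into a scratch directory and
# compares the result with SRC. Returns 0 only if the restore matches.
verify_backup() {
    scratch=$(mktemp -d) || return 2
    if tar -C "$scratch" -xf "$2" 2>/dev/null && diff -r "$1" "$scratch" >/dev/null 2>&1; then
        rm -rf "$scratch"; return 0
    fi
    rm -rf "$scratch"; return 1
}

# demo: builds a constructed tree, backs it up, verifies, then changes the
# data so the same archive no longer matches and verification fails.
# Prints one summary line and returns 0.
demo() {
    work=$(mktemp -d) || return 2
    mkdir -p "$work/src/etc" "$work/www/cgi-bin"
    printf 'secret=1\n' > "$work/src/etc/app.conf"
    : > "$work/www/cgi-bin/test-cgi"                 # a leftover sample script
    make_backup "$work/src" "$work/backup.tar"
    if verify_backup "$work/src" "$work/backup.tar"; then fresh=ok; else fresh=FAIL; fi
    printf 'secret=2\n' > "$work/src/etc/app.conf"  # data changed after the backup
    if verify_backup "$work/src" "$work/backup.tar"; then stale=ok; else stale=FAIL; fi
    ports=$(printf '%s\n' "$SAMPLE_SS" | unexpected_ports | tr '\n' ' ' | sed 's/ *$//')
    samples=$(find_sample_scripts "$work/www" | wc -l | tr -d ' ')
    rm -rf "$work"
    printf 'unexpected_ports=[%s] sample_scripts=%s fresh_backup=%s stale_backup=%s\n' \
        "$ports" "$samples" "$fresh" "$stale"
}

demo
```

On a real host the first check is `ss -ltn | unexpected_ports` (or `netstat -ltn`), and the restore test is the point of the third: verify_backup proves the archive can actually be restored and matches the live data, which a successful `tar -c` exit status never shows. Note that `diff -r` compares content only; a production restore test should also compare ownership and permissions, for example from a checksum-and-stat manifest captured at backup time.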
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:53 PST