Top 20 Internet Security Vulnerabilities
by George Milner
We all know that computer systems are susceptible to attack. What you may not know is exactly where the attack will come from. It would be nice to know what the threats are and, more importantly, what to do to combat them.
The good news is that there is a group tracking the vulnerabilities inherent in today's major operating systems. The SANS Institute has been keeping a list of the twenty most critical Internet security weaknesses for more than four years. The list is actually broken down into two top ten lists for Windows and UNIX systems.
Highlights from the Top 20 List
This year's list (2003) has just been posted. The top Windows vulnerability remains Internet Information Services (IIS), but notable new entries include Outlook and Outlook Express, Peer-to-Peer file sharing, and Simple Network Management Protocol (SNMP).
On UNIX systems, BIND/DNS jumped from number ten to number one and new entries on the list include Clear Text Services, misconfiguration of Enterprise Services (NIS/NFS), and Open Secure Sockets Layer (SSL).
What Does This Mean?
System vulnerability is a moving target. The hackers will usually take the easiest route to their goal and as each security hole gets patched, new ones will be exploited. You must keep abreast of these changes to have any hope of staying ahead of the attackers. Those trying to get access to your system are counting on those organizations that don't fix the known problems. Don't fall into that group. Take the necessary steps to ensure that your institution and its data is well protected.
What Should You Do?
- First, read the report
- Second, read the advisories and follow the instructions to correct the identified security flaws
- Third, make sure that you've taken steps to secure the ports that have been identified as most vulnerable
- Fourth, bookmark the site and check back periodically to stay ahead of ongoing threats
If you follow these instructions, will your system be impervious to attack? Of course not, but hopefully the hackers will find easier pickings elsewhere and your institution will be spared. Constantly monitoring threats and taking action quickly will give your organization the best chance. Remember, vigilance is the key.
The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts Consensus
Common Vulnerable Ports
Information and Computer Security Resources
First published on BankersOnline.com 10/14/03
First published on 10/14/2003