Friday, September 17, 2004

Top Vulnerabilities to Windows Systems

The vast majority of worms and other successful cyber attacks are made possible by vulnerabilities in a small number of common operating system services. Attackers are opportunistic. They take the easiest and most convenient route and exploit the best-known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, scanning the Internet for any vulnerable systems. The easy and destructive spread of worms, such as Blaster, Slammer, and Code Red, can be traced directly to exploitation of unpatched vulnerabilities.

Three years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list, and the expanded Top Twenty lists that followed one and two years later, to prioritize their efforts so they could close the most dangerous holes first. The vulnerable services that led to the examples above Blaster, Slammer, and Code Red, as well as NIMDA worms - are on that list.


The SANS Top 20 Internet Security Vulnerabilities
· W1 Internet Information Services (IIS)
· W2 Microsoft SQL Server (MSSQL)
· W3 Windows Authentication
· W4 Internet Explorer (IE)
· W5 Windows Remote Access Services
· W6 Microsoft Data Access Components (MDAC)
· W7 Windows Scripting Host (WSH)
· W8 Microsoft Outlook and Outlook Express
· W9 Windows Peer to Peer File Sharing (P2P)
· W10 Simple Network Management Protocol (SNMP)

No comments: