PROCEDURES FOR SECURING SYSTEMS

The SANS Top 20 Vulnerabilities
Windows Systems Top Ten Vulnerabilities

- Buffer overflows in Internet Information Server (IIS) script mappings and WebDAV that can be exploited by sending specially crafted, excessively long input, resulting in denial of service, execution of rogue code, and other outcomes.
- Multiple vulnerabilities in Microsoft SQL Server that can allow unauthorized read and write access to database entries, execution of rogue commands and code, and control of the server itself by attackers.
- Weak and crackable passwords that can result in unauthorized access to systems and the resources therein.
- A variety of vulnerabilities in Microsoft Internet Explorer that can allow execution of rogue commands and code, control of systems that run this browser by attackers, disclosure of cookies, and other negative outcomes.
- Unprotected shares, anonymous logons, remote Registry access, and remote procedure calls that can allow unauthorized access to and subversion of systems and the resources therein.
- Vulnerabilities such as buffer overflow conditions in Microsoft Data Access Components, such as Remote Data Services (RDS), that can allow unauthorized execution of rogue commands and code.
- Multiple vulnerabilities in Windows Scripting Host (such as in the autoexecution feature, which can be made to run unauthorized Visual Basic scripts) that can allow execution of rogue code.
- Vulnerabilities in embedded automation features in Microsoft Outlook and Outlook Express that can allow execution of rogue code.
- Peer-to-peer file sharing that can result in unauthorized access to systems and legal troubles.
- Vulnerabilities in the Simple Network Management Protocol (SNMP) that can lead to denial of service and unauthorized configuration changes in systems.
Unix Systems Top Ten Vulnerabilities

- Vulnerabilities in the Berkeley Internet Name Domain (BIND) program (particularly in nxt, qinv, and in.named) that can result in denial of service and execution of rogue code.
- Multiple vulnerabilities in Remote Procedure Call (RPC) services that can lead to denial of service.
- Multiple bugs in the Apache Web server [such as a heap buffer overflow vulnerability in the apr_psprintf() function] that can result in denial of service, unauthorized access to information, defacement of Web pages, and root-level compromise of the host that runs Apache.
- Unpassworded accounts or accounts with weak passwords that can allow unauthorized access to systems (sometimes with root privileges).
- Cleartext network traffic that can lead to unauthorized reading of information and unauthorized access to systems (because cleartext passwords are exposed).
- Vulnerabilities in sendmail (such as an error in the prescan() function that enables someone to write past the end of a buffer) that can result in denial of service, unauthorized execution of rogue code with root privileges, or unauthorized spam relay.
- SNMP vulnerabilities that can lead to denial of service and unauthorized configuration changes in systems.
- Bugs in secure shell (ssh) that can lead to unauthorized root access and other outcomes.
- Misconfiguration of the Network Information Service (NIS) and the Network File System (NFS) that can result in unauthorized access to files, unauthorized access to systems, and other outcomes.
- Bugs in Open Secure Sockets Layer (SSL), such as improper integer overflow handling and insecure memory deallocation, that can cause unauthorized execution of rogue code and unauthorized root access.