2005 SANS Top 20 List of Vulnerabilities -- November 23, 2005
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Tue, 29 Nov 2005 09:19:15 -0500
1. In Focus: 2005 SANS Top 20 List of Vulnerabilities
2. Security News and Features
- Recent Security Vulnerabilities
- Microsoft Bolsters Antiphishing Efforts with Third-Party Data
- Windows Genuine Advantage Now Supports Mozilla-based Browsers
- CMP Buys Black Hat
3. Instant Poll
4. Security Toolkit
- Security Matters Blog
- FAQ
- Security Forum Featured Thread
5. New and Improved
- Web Filter Gets New Features
====================
====================
==== 1. In Focus: 2005 SANS Top 20 List of Vulnerabilities ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Since 2000, the SANS (SysAdmin, Audit, Network, Security) Institute has
maintained a list of what it considers to be the vulnerabilities that
administrators should be most aware of. The list can be looked at as a
summary of concerns to address first if you don't have time to
immediately address all known vulnerabilities in the universe. The
reason you might use the Top 20 List as your short list is that the
most critical vulnerabilities are typically the ones intruders use to
launch attacks--attacks that often turn out to be widespread.
This week, SANS published the annual version of its SANS Top 20 Most
Critical Internet Vulnerabilities list. The list is divided into
sections that cover problems related to Windows platforms, Unix
platforms, cross-platform products, and networking products. According
to Rohit Dhamankar, project manager for the SANS Top 20 (and lead
security architect at 3Com division TippingPoint), "Vulnerabilities on
this list meet four requirements: (1) they affect a large number of
users, (2) they have not been patched on a substantial number of
systems, (3) they allow computers to [be] controlled by a remote,
unauthorized user, (4) sufficient details about the vulnerabilities
have been posted to the Internet to enable attackers to exploit them."
If you look at the report, you might think "Top 20" is a bit of a
misnomer. The report has 20 categories of vulnerabilities, and in any
given category, you might find 10 or more individual vulnerabilities.
Thus, the Top 20 report includes dozens upon dozens of critical
vulnerabilities. For example, vulnerabilities in the PHP scripting
language might expand into countless application vulnerabilities. In
another example, peer-to-peer (P2P) file-sharing software is cited as a
vulnerability. How many different types of P2P software are there these
days? I lost count some time ago.
You're probably getting the picture: The report isn't exactly a guide
to quickly fixing the top 20 vulnerability problems. That said, it does
reveal some of the major vulnerability trends of this year.
SANS says that in the past, the majority of attacks targeted Windows,
UNIX (I assume they include Linux in the UNIX category), Web services,
email services, and similar Internet services. However, this year, a
different trend has emerged. According to SANS, more attacks this year
have been aimed at critical core services, such as backup applications,
antivirus software, and "other security tools." Another trend pointed
out in the report "is public recognition of the critical
vulnerabilities that are found in network devices such as routers and
switches that form the backbone of the Internet."
As for Windows platforms, the report points out 11 critical
vulnerabilities in system services, 10 in Microsoft Internet Explorer
(IE), 11 in various system libraries, 3 in Microsoft Office and Outlook
Express, as well as the risk of using weak password schemes in the OS
and related services, such as SQL Server. That's at least 32
vulnerabilities plus an entire password infrastructure to address.
Hopefully, you've addressed all these problems as they've become known
to the public over the past year. If not, the quickest way to find out
if you're vulnerable to most of the items in the report is of course to
use a decent vulnerability scanner. Be sure to check the report (first
URL below) to determine whether it mentions vulnerabilities that you
haven't addressed that might affect your network. You can also check
out our news story on the SANS Top 20 list on our Web site (second URL
below).
http://list.windowsitpro.com/t?ctl=1A4C2:4FB69
http://list.windowsitpro.com/t?ctl=1A4B2:4FB69
====================
====================
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=1A4B1:4FB69
Microsoft Bolsters Antiphishing Efforts with Third-Party Data
Microsoft announced that three companies will help bolster its
Phishing Filter and SmartScreen technologies. Each of the three
companies--Cyota, Internet Identity, and MarkMonitor--will regularly
provide Microsoft with data that helps identify known phishing sites.
http://list.windowsitpro.com/t?ctl=1A4B7:4FB69
Windows Genuine Advantage Now Supports Mozilla-based Browsers
Downloading certain types of software from Microsoft's Web site has
typically been limited to those who use Microsoft Internet Explorer
(IE). But not anymore. The Windows Genuine Advantage team created a new
ActiveX control that works with browsers based on code developed by the
Mozilla Foundation.
http://list.windowsitpro.com/t?ctl=1A4B8:4FB69
CMP Buys Black Hat
Black Hat, operator of popular conferences related to information
security, has been acquired by CMP Media. Jeff Moss, Black Hat founder,
will continue as director of Black Hat for CMP.
http://list.windowsitpro.com/t?ctl=1A4BA:4FB69
====================
====================
==== Featured White Paper ====
Learn about the capabilities offered by the integration of Microsoft
SMS 2003 and Afaria
In this free white paper, you'll learn about new functionality and
benefits of Microsoft SMS specifically targeted to improving management
of remote and mobile devices, challenges of managing frontline systems,
how the combined solution creates value around the successful use of
technology at the front lines of business and more.
http://list.windowsitpro.com/t?ctl=1A4A9:4FB69
====================
==== 4. Security Toolkit ====
Security Matters Blog: Security Work to Go
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=1A4BF:4FB69
Laptops are great tools, particularly when it comes to security work,
because they're portable. But what about an ultraportable computer?
Check out this blog article to learn about an incredibly powerful full-
function PC that you can literally put in your pocket.
http://list.windowsitpro.com/t?ctl=1A4B9:4FB69
FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=1A4BE:4FB69
Q: How can I dump out the mailbox permissions on a Microsoft Exchange
Server box or bulk change multiple users' attributes at once?
Find the answer at
http://list.windowsitpro.com/t?ctl=1A4BB:4FB69
Security Forum Featured Thread: Errors in Generic Host Services and LSA
Shell services
A forum participant's Windows Server 2003, Enterprise Edition system
is rebooting at frequent intervals due to some sort of remote procedure
call (RPC) error. Whenever it restarts, the system generates errors
related to LSASS and Generic Host Services. After the system is back up
and running for about 5 to 10 minutes, those services stop. Know what
the problem might be? Join the discussion at:
http://list.windowsitpro.com/t?ctl=1A4A8:4FB69
====================
Copyright 2005, Penton Media, Inc. All rights reserved.