FBI & SANS Release List of Top 20 Security Holes

by Dave Murphy
ISSN 1535-3613

The U.S. Federal Bureau of Investigation (FBI) and experts from the System Administration, Networking, and Security Institute (SANS) have released a list of the twenty most important Internet security vulnerabilities. The list matters to everyone, including Windows, Unix, and Linux users.

Experts report that many system administrators and general users do not correct the security flaws in their systems because they are too busy to fix them all and cannot prioritize their efforts, not knowing which flaws pose the greatest threat.

Top general vulnerabilities

  1. Default installs of operating systems and applications
  2. Accounts with no passwords or weak passwords
  3. Non-existent or incomplete backups
  4. Large number of open ports
  5. Not filtering packets for correct incoming and outgoing addresses
  6. Non-existent or incomplete logging
  7. Vulnerable CGI programs

Top Windows vulnerabilities

  1. Unicode vulnerability (web server folder traversal)
  2. ISAPI extension buffer overflows
  3. IIS RDS exploit (Microsoft Remote Data Services)
  4. NetBIOS: unprotected Windows networking shares
  5. Information leakage via null session connections
  6. Weak hashing in SAM (LAN Manager hash)

Top Unix system vulnerabilities

  1. Buffer overflows in RPC services
  2. Sendmail vulnerabilities
  3. BIND weaknesses
  4. Remote commands
  5. LPD (remote print protocol daemon)
  6. sadmind and mountd
  7. Default Simple Network Management Protocol (SNMP) community strings
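General item 5, address filtering at the network border, is the one entry on the list that is easiest to show as a concrete policy. The following is an added example, not code from the article or from SANS: it models a border router with one external interface, drops inbound packets that claim an internal or private source and outbound packets that do not carry one of the site's own addresses, and runs that policy over a constructed traffic log. The internal prefix, the bogon list, and the log lines are all assumptions made for the illustration.

```python
"""Ingress/egress source-address filtering (SANS/FBI general item 5).

Added example, not part of the ITinfo article. Assumes a border router with
one external and one internal interface; the prefix, bogon list and sample
log are constructed for this illustration.
"""
import ipaddress

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # constructed (RFC 5737 range)

# Source blocks that should never arrive from the Internet side.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private space
    "127.0.0.0/8",                                    # loopback
    "0.0.0.0/8",                                      # "this" network
)]


def filter_packet(direction: str, src: str, internal_net=INTERNAL_NET) -> str:
    """Return 'accept' or 'drop' for a packet crossing the border.

    direction: 'in'  = arriving on the external interface (ingress)
               'out' = leaving through the external interface (egress)
    Ingress drops anything claiming an internal or bogon source address;
    egress drops anything whose source is not one of our own addresses.
    """
    addr = ipaddress.ip_address(src)
    if direction == "in":
        spoofed = addr in internal_net or any(addr in b for b in BOGON_NETS)
        return "drop" if spoofed else "accept"
    if direction == "out":
        return "accept" if addr in internal_net else "drop"
    raise ValueError(f"unknown direction {direction!r}")


def audit(log_lines, internal_net=INTERNAL_NET):
    """Apply the policy to constructed log lines 'DIR SRC -> DST' and
    return the lines the border filter should have dropped."""
    dropped = []
    for line in log_lines:
        direction, src, _arrow, _dst = line.split()
        if filter_packet(direction, src, internal_net) == "drop":
            dropped.append(line)
    return dropped


SAMPLE_LOG = [  # constructed sample traffic
    "in 198.51.100.7 -> 192.0.2.10",    # legitimate inbound
    "in 192.0.2.5 -> 192.0.2.10",       # spoofed: our own address from outside
    "in 10.1.2.3 -> 192.0.2.10",        # spoofed: private source from the Internet
    "out 192.0.2.20 -> 198.51.100.7",   # legitimate outbound
    "out 203.0.113.9 -> 198.51.100.7",  # spoofed outbound: not our address
]

if __name__ == "__main__":
    for line in audit(SAMPLE_LOG):
        print("drop", line)
```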

Dave's Opinion

I empathize with users who say they don't have time to keep their systems secure. I spend more than eight hours a week keeping the computers in my office updated. Much of this work is done after normal work hours, so it's definitely not my favorite task.

I keep a folder of updates that have to be done and I log modifications so I don't have to rely on my memory. It's still a lot of mental work to keep track of what's been done, when, and to which system.

Because it prioritizes the necessary patches, the FBI/SANS list will be a help to administrators.

Call for Comments

What do you think? Leave your comments on the message center.

References

The Twenty Most Critical Internet Security Vulnerabilities
Message Center


Copyright © 2001 International Association of Information Technology Trainers, Ltd., All Rights Reserved

http://itrain.org/itinfo/2001/it011004.html
updated October 4, 2001