Monday, October 07, 2002

Security: Top 20 Security Vulnerabilities

The U.S. General Services Administration released their updated top 20 security vulnerabilities on 2 October. These cause about 80% of the hacking incidents on the internet.

Top Vulnerabilities to Windows Systems
W1 Internet Information Services (IIS)
W2 Microsoft Data Access Components (MDAC) -- Remote Data Services
W3 Microsoft SQL Server
W4 NETBIOS -- Unprotected Windows Networking Shares
W5 Anonymous Logon -- Null Sessions
W6 LAN Manager Authentication -- Weak LM Hashing
W7 General Windows Authentication -- Accounts with No Passwords or Weak Passwords
W8 Internet Explorer
W9 Remote Registry Access
W10 Windows Scripting Host

Top Vulnerabilities to Unix Systems
U1 Remote Procedure Calls (RPC)
U2 Apache Web Server
U3 Secure Shell (SSH)
U4 Simple Network Management Protocol (SNMP)
U5 File Transfer Protocol (FTP)
U6 R-Services -- Trust Relationships
U7 Line Printer Daemon (LPD)
U8 Sendmail
U10 General Unix Authentication -- Accounts with No Passwords or Weak Passwords


Post a Comment

<< Home