Another website everyone already knows, but I will mention again, is the SANs site and the the 'top 20' list. The list shows both MS and *nix exploits, by no means a complete list, but still a good jumping point for both OS platforms. One of the hotbuttons on both platforms - including Linux has been SNMP (versioning and community string). On the SANS list it is mentioned on the *nix side but not the MS side. Experience with nmap or NESSUS, or even ISS shows SNMP as a high level exploit for the above mentioned areas. So to 'beat the dead horse' even further so to speak, the real level of security has to be determined by the SA in conjunction with any group or organization policies, standardards or SOPs. Whoa - I hate when I sound like an organization. I thinks I needs my: