October 9th, 2003, 02:16 AM
Security group names top software flaws
A security organization published its fourth annual list of the most vulnerable software Wednesday, putting network administrators on notice that they need to check their systems.
The SysAdmin Audit Network Security (SANS) Institute's "Top 20 Vulnerabilities," first published three years ago in collaboration with the FBI's National Infrastructure Protection Center, consists of two lists: the top 10 flaws in Microsoft's operating system and software; and the top 10 flaws in Unix systems.
"The (list) defines the set of network security vulnerabilities that are most commonly used by hackers to break into systems," Alan Paller, director of research for the SANS Institute, said in a statement. "They should be addressed by network administrators as quickly as possible."
The lists are intended to guide system administrators in checking their systems for flawed software. Each description of the 20 vulnerabilities suggests ways to mitigate the risks that are associated with the particular insecure software.
SANS rated Microsoft's Web server--the Internet Information Service (IIS) software--as the leading cause of vulnerabilities in Windows systems.
Microsoft has issued warnings for more than half a dozen flaws for its IIS Web server software in the last year. In May, the company alerted consumers to four vulnerabilities in the software. Last November, security researchers warned the software giant of other flaws in its Web server. The Code Red worm, which spread widely during July and August 2001, used a flaw in Microsoft's Web servers to infect the machines.
On the Unix side, the Berkeley Internet Name Domain (BIND) domain name system (DNS) software--a widely used program for running Internet databases that match domain names with numerical addresses--is the most problematic program of that family of operating systems, which includes the various flavors of Linux, Sun Microsystems' Solaris and IBM's AIX.
Several flaws have been found in the BIND software in the last year. In March, the Internet Software Consortium released a new version of the software that patched security holes. And in November, security researchers pinpointed another flaw in the software that had to be patched.
Other top flaws on Windows systems included Microsoft's SQL database software, which the Slammer worm exploited, and Windows remote access services such as Microsoft's version of the remote procedure call (RPC) standard, a flaw which the MSBlast worm used in order to spread.
Top Unix-based software flaws include those in the systems' own RPC service implementations as well as insecure Apache Web server installations.
Top Vulnerabilities to Windows Systems
W1 Internet Information Services (IIS)
W2 Microsoft SQL Server (MSSQL)
W3 Windows Authentication
W4 Internet Explorer (IE)
W5 Windows Remote Access Services
W6 Microsoft Data Access Components (MDAC)
W7 Windows Scripting Host (WSH)
W8 Microsoft Outlook / Outlook Express
W9 Windows Peer to Peer File Sharing (P2P)
W10 Simple Network Management Protocol (SNMP)
Top Vulnerabilities to UNIX Systems
U1 BIND Domain Name System
U2 Remote Procedure Calls (RPC)
U3 Apache Web Server
U4 General UNIX Authentication: Accounts with No Passwords or Weak Passwords
U5 Clear Text Services
U7 Simple Network Management Protocol (SNMP)
U8 Secure Shell (SSH)
U9 Misconfiguration of Enterprise Services NIS/NFS
U10 Open Secure Sockets Layer (SSL)