Sans Top 20 2003

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786

    Sans Top 20 2003

    I did a search of the past week and was surprised I didn’t find this here. I always see this here first. Well, I used to.

    This is a list of the most common vulns from last year, what they’re about and what you can do to defend against them. It’s really quite a good read.


    http://www.sans.org/top20/#u2

    This updated SANS Top Twenty is actually two Top Ten lists: the ten most commonly exploited vulnerable services in Windows and the ten most commonly exploited vulnerable services in UNIX and Linux.

    The Top Twenty is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts. They come from the most security-conscious federal agencies in the US, UK and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; many other user organizations; and the SANS Institute.

    Windows

    · W1 Internet Information Services (IIS)
    http://www.sans.org/top20/#w1

    · W2 Microsoft SQL Server (MSSQL)
    http://www.sans.org/top20/#w2

    · W3 Windows Authentication
    http://www.sans.org/top20/#w3

    · W4 Internet Explorer (IE)
    http://www.sans.org/top20/#w4

    · W5 Windows Remote Access Services
    http://www.sans.org/top20/#w5

    · W6 Microsoft Data Access Components (MDAC)
    http://www.sans.org/top20/#w6

    · W7 Windows Scripting Host (WSH)
    http://www.sans.org/top20/#w7

    · W8 Microsoft Outlook and Outlook Express
    http://www.sans.org/top20/#w8

    · W9 Windows Peer to Peer File Sharing (P2P)
    http://www.sans.org/top20/#w9

    · W10 Simple Network Management Protocol (SNMP)
    http://www.sans.org/top20/#w10


    Top Vulnerabilities to UNIX Systems

    · U1 BIND Domain Name System
    http://www.sans.org/top20/#u1

    · U2 Remote Procedure Calls (RPC)
    http://www.sans.org/top20/#u2

    · U3 Apache Web Server
    http://www.sans.org/top20/#u3

    · U4 General UNIX Authentication Accounts with No Passwords or Weak Passwords
    http://www.sans.org/top20/#u4

    · U5 Clear Text Services
    http://www.sans.org/top20/#u5

    · U6 Sendmail
    http://www.sans.org/top20/#u6

    · U7 Simple Network Management Protocol (SNMP)
    http://www.sans.org/top20/#u7

    · U8 Secure Shell (SSH)
    http://www.sans.org/top20/#u8

    · U9 Misconfiguration of Enterprise Services NIS/NFS
    http://www.sans.org/top20/#u9

    · U10 Open Secure Sockets Layer (SSL)
    http://www.sans.org/top20/#u10


    The SANS Top Twenty is a living document. It includes step-by-step instructions and pointers to additional information useful for correcting the security flaws.

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    That's a lot of reading.. knowing me, I'll probably put it off for weeks or months..

    but thanks for posting it..
