Sans Top 20 2003

  1. #1
    Senior Member
    Join Date
    Nov 2001

    Sans Top 20 2003

    I did a search of the past week and was surprised I didn’t find this here. I always see this here first. Well, I used to.

    This is a list of the most common vulns from last year, what they’re about and what you can do to defend against them. It’s really quite a good read.

    This updated SANS Top Twenty is actually two Top Ten lists: the ten most commonly exploited vulnerable services in Windows and the ten most commonly exploited vulnerable services in UNIX and Linux.

    The Top Twenty is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts. They come from the most security-conscious federal agencies in the US, UK and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; many other user organizations; and the SANS Institute.


    · W1 Internet Information Services (IIS)

    · W2 Microsoft SQL Server (MSSQL)

    · W3 Windows Authentication

    · W4 Internet Explorer (IE)

    · W5 Windows Remote Access Services

    · W6 Microsoft Data Access Components (MDAC)

    · W7 Windows Scripting Host (WSH)

    · W8 Microsoft Outlook and Outlook Express

    · W9 Windows Peer to Peer File Sharing (P2P)

    · W10 Simple Network Management Protocol (SNMP)

    Top Vulnerabilities to UNIX Systems

    · U1 BIND Domain Name System

    · U2 Remote Procedure Calls (RPC)

    · U3 Apache Web Server

    · U4 General UNIX Authentication Accounts with No Passwords or Weak Passwords

    · U5 Clear Text Services

    · U6 Sendmail

    · U7 Simple Network Management Protocol (SNMP)

    · U8 Secure Shell (SSH)

    · U9 Misconfiguration of Enterprise Services NIS/NFS

    · U10 Open Secure Sockets Layer (SSL)

    The SANS Top Twenty is a living document. It includes step-by-step instructions and pointers to additional information useful for correcting the security flaws.

  2. #2
    Senior Member
    Join Date
    Feb 2002
    That's a lot of reading.. knowing me, I'll probably put it off for weeks or months..

    but thanks for posting it..
