Sunday, January 15, 2006

SANS Top 20 Internet Security Vulnerabilities

SANS has put out their 2005 version of the top 20 most critical Internet security vulnerabilities. From the web page:
Hence, the Top-20 2005 is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts. They come from the most security-conscious government agencies in the UK, US, and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; many other user organizations; and the SANS Institute.
For the first time, they have included categories for Cross-Platform Applications and Networking Products. Categories include:
Windows Systems:
  • Windows services
  • Internet Explorer
  • Windows libraries
  • Microsoft Office and Outlook Express
  • Windows configuration weaknesses
Cross-Platform Applications:
  • Backup software
  • Anti-virus software
  • PHP-based applications
  • Database software
  • File sharing applications
  • DNS software
  • Media players
  • Instant messaging applications
  • Mozilla and Firefox browsers
  • Other cross-platform applications
UNIX Systems:
  • UNIX configuration weaknesses
  • Mac OS X
Networking Products:
  • Cisco IOS and non-IOS products
  • Juniper, CheckPoint and Symantec products
  • Cisco devices configuration weaknesses
If you have not updated your systems in over a year, they suggest looking at their 2004 list and remedying those issues before starting on this 2005 list. [from beSpecific]
