[ISN] 2005 SANS Top 20 List of Vulnerabilities -- November 23, 2005
InfoSec News
isn at c4i.org
Thu Nov 24 02:09:24 EST 2005
====================
This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which
you might be interested. Please take a moment to visit these
advertisers' Web sites and show your support for Security UPDATE.
Free Utility: Find Performance Bottlenecks
http://list.windowsitpro.com/t?ctl=1A4AB:4FB69
Provide Secure Remote Access
http://list.windowsitpro.com/t?ctl=1A4AC:4FB69
====================
1. In Focus: 2005 SANS Top 20 List of Vulnerabilities
2. Security News and Features
- Recent Security Vulnerabilities
- Microsoft Bolsters Antiphishing Efforts with Third-Party Data
- Windows Genuine Advantage Now Supports Mozilla-based Browsers
- CMP Buys Black Hat
3. Instant Poll
4. Security Toolkit
- Security Matters Blog
- FAQ
- Security Forum Featured Thread
5. New and Improved
- Web Filter Gets New Features
====================
==== Sponsor: Diskeeper ====
Free Utility: Find Performance Bottlenecks
Disk Performance Analyzer for Networks is a free utility that
remotely scans your systems looking for fragmentation-related disk
performance bottlenecks. Disk fragmentation is a major source of
slowdowns, freeze-ups and headaches; with Disk Performance Analyzer you
can stamp out these little fires before they flare up into five-alarm
blazes. Disk Performance Analyzer will save you time and reduce help
desk traffic by enabling you to find and fix these problems before they
find (and fix) your users and you. Get the free Disk Performance
Analyzer for Networks now!
http://list.windowsitpro.com/t?ctl=1A4AB:4FB69
====================
==== 1. In Focus: 2005 SANS Top 20 List of Vulnerabilities ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Since 2000, The SANS (SysAdmin, Audit, Network, Security) Institute has
maintained a list of what it considers to be the vulnerabilities that
administrators should be most aware of. The list can be looked at as a
summary of concerns to address if you don't have time to immediately
address all known vulnerabilities in the universe. The reason you might
use the Top 20 List as your short list is that typically the most
critical vulnerabilities are the ones used by intruders to launch
attacks--which often turn out to be widespread.
This week, SANS published the annual version of its SANS Top 20 Most
Critical Internet Vulnerabilities list. The list is divided into
sections that cover problems related to Windows platforms, Unix
platforms, cross-platform products, and networking products. According
to Rohit Dhamankar, project manager for the SANS Top 20 (and lead
security architect at 3Com division TippingPoint), "Vulnerabilities on
this list meet four requirements: (1) they affect a large number of
users, (2) they have not been patched on a substantial number of
systems, (3) they allow computers to [be] controlled by a remote,
unauthorized user, (4) sufficient details about the vulnerabilities
have been posted to the Internet to enable attackers to exploit them."
If you look at the report, you might think "Top 20" is a bit of a
misnomer. The report has 20 categories of vulnerabilities, and in any
given category, you might find 10 or more individual vulnerabilities.
Thus, the Top 20 report includes dozens upon dozens of critical
vulnerabilities. For example, vulnerabilities in the PHP scripting
language might expand into countless application vulnerabilities. In
another example, peer-to-peer (P2P) file-sharing software is cited as a
vulnerability. How many different types of P2P software are there these
days? I lost count some time ago.
You're probably getting the picture: The report isn't exactly a guide
to quickly fixing the top 20 vulnerability problems. That said, it does
reveal some of the major vulnerability trends of this year.
SANS says that in the past, the majority of attacks targeted Windows,
UNIX (I assume they include Linux in the UNIX category), Web services,
email services, and similar Internet services. However, this year, a
different trend has emerged. According to SANS, more attacks this year
have been aimed at critical core services, such as backup applications,
antivirus software, and "other security tools." Another trend pointed
out in the report "is public recognition of the critical
vulnerabilities that are found in network devices such as routers and
switches that form the backbone of the Internet."
As for Windows platforms, the report points out 11 critical
vulnerabilities in system services, 10 in Microsoft Internet Explorer
(IE), 11 in various system libraries, 3 in Microsoft Office and Outlook
Express, as well as the risk of using weak password schemes in the OS
and related services, such as SQL Server. That's at least 32
vulnerabilities plus an entire password infrastructure to address.
Hopefully, you've addressed all these problems as they've become known
to the public over the past year. If not, the quickest way to find out
if you're vulnerable to most of the items in the report is of course to
use a decent vulnerability scanner. Be sure to check the report (first
URL below) to determine whether it mentions vulnerabilities that you
haven't addressed that might affect your network. You can also check
out our news story on the SANS Top 20 list on our Web site (second URL
below).
http://list.windowsitpro.com/t?ctl=1A4C2:4FB69
http://list.windowsitpro.com/t?ctl=1A4B2:4FB69
====================
==== Sponsor: Panda Software ====
Provide Secure Remote Access
It may be tempting to deploy a WiFi wireless access point or offer
PDAs or laptops to your roaming employees so they can work from
virtually anywhere. In this free white paper you'll get the important
security implications you should consider before you do so.
http://list.windowsitpro.com/t?ctl=1A4AC:4FB69
====================
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=1A4B1:4FB69
Microsoft Bolsters Antiphishing Efforts with Third-Party Data
Microsoft announced that three companies will help bolster its
Phishing Filter and SmartScreen technologies. Each of the three
companies--Cyota, Internet Identity, and MarkMonitor--will regularly
provide Microsoft with data that helps identify known phishing sites.
http://list.windowsitpro.com/t?ctl=1A4B7:4FB69
Windows Genuine Advantage Now Supports Mozilla-based Browsers
Downloading certain types of software from Microsoft's Web site has
typically been limited to those who use Microsoft Internet Explorer
(IE). But not anymore. The Windows Genuine Advantage team created a new
ActiveX control that works with browsers based on code developed by the
Mozilla Foundation.
http://list.windowsitpro.com/t?ctl=1A4B8:4FB69
CMP Buys Black Hat
Black Hat, operator of popular conferences related to information
security, has been acquired by CMP Media. Jeff Moss, Black Hat founder,
will continue as director of Black Hat for CMP.
http://list.windowsitpro.com/t?ctl=1A4BA:4FB69
====================
==== Resources and Events ====
Get the Most from Reporting Services
In this free Web seminar, you'll learn about innovative ways to
extend your reports, reporting from XML-based data, delivering reports
with the new Report Viewer, supercharging reports with SQL Server 2005
CLR stored procedures, and more! Register today:
http://list.windowsitpro.com/t?ctl=1A4AE:4FB69
Free Tools to Stop Internet Attacks
Your network users' negligent or inappropriate activity is often the
entry point for Internet criminals to access your systems. In this free
Web seminar, you'll learn how to effectively implement policy, user
training, and technology to mitigate Internet risks. You will take away
free tools to help you analyze threats and create Acceptable-Use
Policies (AUPs). Register now at
http://list.windowsitpro.com/t?ctl=1A4AD:4FB69
Get the Most from Your Infrastructure by Consolidating Servers and Storage
Improved utilization of existing networking resources and server
hardware lets you allocate money and time where they're needed most. In
this free Web seminar, learn to optimize your existing infrastructure
with the addition of server and storage consolidation software and
techniques. You'll get the jumpstart you need to evaluate the
suitability and potential of your computing environment for the added
benefits that consolidation technology can provide.
http://list.windowsitpro.com/t?ctl=1A4AA:4FB69
Do You Know What "High Availability" Really Means?
In this free guide learn what high availability really means and the
different strategies that you can use to improve your email systems'
availability and resiliency. Download this FREE guide now and get
prepared to choose the appropriate solutions to protect your messaging
data at the lowest cost and with the highest reliability.
http://list.windowsitpro.com/t?ctl=1A4B0:4FB69
Win the NEW, full-color LCD Display iPod (for Mac or PC)
Download a Windows IT Pro podcast on Windows IT Pro Radio by your
favorite author, editor or industry figure. You'll automatically be
entered to win!
http://list.windowsitpro.com/t?ctl=1A4C0:4FB69
Win A $100 American Express Gift Certificate!
We invite you to take 3 minutes and tell us your opinion about the
email security products and services you currently use--or wish you
could use. Take the Email Security Products Survey today at
http://list.windowsitpro.com/t?ctl=1A4BC:4FB69
====================
==== 3. Instant Poll ====
Results of Previous Poll: Which of the following devices and/or
software do you monitor?
The voting has closed in this Windows IT Pro Security Hot Topic
nonscientific Instant Poll. Here are the results from the 15 votes:
- 20% Windows
- 13% Network devices such as firewalls, gateways, VPN appliances,
and wireless Access Points
- 0% Important applications such as Exchange Server and IIS
- 67% Two or more of the above
- 0% None of the above
New Instant Poll: What's the best defense against malware?
Go to the Security Hot Topic and submit your vote for
- Establish a Guest account for risky activities
- Connect user workstations only to trusted accounts
- Maintain and regularly use anti-malware software
- Educate all users about malware risks
- My pop-up blocker is sufficient
http://list.windowsitpro.com/t?ctl=1A4BD:4FB69
====================
==== Featured White Paper ====
Learn about the capabilities offered by the integration of Microsoft
SMS 2003 and Afaria
In this free white paper, you'll learn about new functionality and
benefits of Microsoft SMS specifically targeted to improving management
of remote and mobile devices, challenges of managing frontline systems,
how the combined solution creates value around the successful use of
technology at the front lines of business and more.
http://list.windowsitpro.com/t?ctl=1A4A9:4FB69
====================
==== Hot Release ====
Meet the challenges of Microsoft Exchange
Discover a unified solution to get a handle on the growth of your
email and unstructured data and address compliance and government
mandates. In this free white paper you'll learn to overcome the
management and storage challenges that Microsoft Exchange can bring.
http://list.windowsitpro.com/t?ctl=1A4AF:4FB69
====================
==== 4. Security Toolkit ====
Security Matters Blog: Security Work to Go
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=1A4BF:4FB69
Laptops are great tools, particularly when it comes to security work,
because they're portable. But what about an ultraportable computer?
Check out this blog article to learn about an incredibly powerful
full-function PC that you can literally put in your pocket.
http://list.windowsitpro.com/t?ctl=1A4B9:4FB69
FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=1A4BE:4FB69
Q: How can I dump out the mailbox permissions on a Microsoft Exchange
Server box or bulk change multiple users' attributes at once?
Find the answer at
http://list.windowsitpro.com/t?ctl=1A4BB:4FB69
Security Forum Featured Thread: Errors in Generic Host Services and LSA Shell Services
A forum participant's Windows Server 2003, Enterprise Edition system
is rebooting at frequent intervals due to some sort of remote procedure
call (RPC) error. Whenever it restarts, the system generates errors
related to LSASS and Generic Host Services. After the system is back up
and running for about 5 to 10 minutes, those services stop. Know what
the problem might be? Join the discussion at:
http://list.windowsitpro.com/t?ctl=1A4A8:4FB69
====================
==== Announcements ====
(from Windows IT Pro and its partners)
VIP Monthly Online Pass = Quick Answers
Sign up for a VIP Monthly Online Pass and get online access to ALL
the articles, tools, and helpful resources published in SQL Server
Magazine, Windows IT Pro, Exchange and Outlook Administrator, Windows
Scripting Solutions, and Windows IT Security. You'll have 24/7 access
to a database of more than 25,000 articles that will give you all the
answers you need, when you need them. BONUS--Includes the latest issue
of Windows IT Pro each month. Sign up now for just US$29.95 per month:
http://list.windowsitpro.com/t?ctl=1A4B3:4FB69
Need Answers to Your Tough Security Questions?
The Windows IT Security newsletter can help. Subscribe now and
discover fundamentals on building and maintaining a secure enterprise.
Each issue features in-depth product coverage of the best security
tools available, expert advice on the best way to implement various
security components, and much more. Paid subscribers also get
searchable access to the full online security article database (more
than 1900 articles). Subscribe today:
http://list.windowsitpro.com/t?ctl=1A4B6:4FB69
====================
==== 5. New and Improved ====
by Renee Munshi, products at windowsitpro.com
Web Filter Gets New Features
8e6 Technologies announced new features for its R3000 Internet
filtering appliance. The R3000 can now block the use of Google Web
Accelerator (Accelerator can have the effect of circumventing Internet
filtering) and enforce Yahoo! SafeSearch mode (even if end users
deactivate SafeSearch from their browsers). R3000 users can now use
wildcards in specifying sites to block; and the R3000's X-Strikes
feature, which lets administrators set criteria for restricting a
user's Internet access after repeated attempts to access "unacceptable"
Internet sites, has been enhanced. For more information, go to
http://list.windowsitpro.com/t?ctl=1A4C3:4FB69
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rwinitsec at windowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
====================
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=1A4C1:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- salesopps at windowsitpro.com
====================
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
http://list.windowsitpro.com/t?ctl=1A4B5:4FB69
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.