Your Ad Here Your Ad Here
Results 1 to 4 of 4

Thread: Top 20 Internet Vulnerabilities

  1. #1
    The Twenty Most Critical Internet Security Vulnerabilities

    The vast majority of worms and other successful cyber attacks are made possible by vulnerabilities in a small number of common operating system services. Attackers are opportunistic. They take the easiest and most convenient route and exploit the best-known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, scanning the Internet for any vulnerable systems. The easy and destructive spread of worms, such as Blaster, Slammer, and Code Red, can be traced directly to exploitation of unpatched vulnerabilities.

    Three years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list, and the expanded Top Twenty lists that followed one and two years later, to prioritize their efforts so they could close the most dangerous holes first. The vulnerable services that led to the examples above Blaster, Slammer, and Code Red, as well as NIMDA worms - are on that list.

    This updated SANS Top Twenty is actually two Top Ten lists: the ten most commonly exploited vulnerable services in Windows and the ten most commonly exploited vulnerable services in UNIX and Linux. Although there are thousands of security incidents each year affecting these operating systems, the overwhelming majority of successful attacks target one or more of these twenty vulnerable services.

    The Top Twenty is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts. They come from the most security-conscious federal agencies in the US, UK and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; many other user organizations; and the SANS Institute. A list of participants may be found at the end of this document.

    The SANS Top Twenty is a living document. It includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. We will update the list and the instructions as more critical threats and more current or convenient methods are identified, and we welcome your input along the way. This is a community consensus document -- your experience in fighting attackers and in eliminating the vulnerabilities can help others who come after you. Please send suggestions via e-mail to

    Top Vulnerabilities to Windows Systems

    W1 Internet Information Services (IIS)
    W2 Microsoft SQL Server (MSSQL)
    W3 Windows Authentication
    W4 Internet Explorer (IE)
    W5 Windows Remote Access Services
    W6 Microsoft Data Access Components (MDAC)
    W7 Windows Scripting Host (WSH)
    W8 Microsoft Outlook Outlook Express
    W9 Windows Peer to Peer File Sharing (P2P)
    W10 Simple Network Management Protocol (SNMP)

    Top Vulnerabilities to UNIX Systems

    U1 BIND Domain Name System
    U2 Remote Procedure Calls (RPC)
    U3 Apache Web Server
    U4 General UNIX Authentication Accounts with No Passwords or Weak Passwords
    U5 Clear Text Services
    U6 Sendmail
    U7 Simple Network Management Protocol (SNMP)
    U8 Secure Shell (SSH)
    U9 Misconfiguration of Enterprise Services NIS/NFS
    U10 Open Secure Sockets Layer (SSL)


  2. Software & Hardware   -   #2
    Join Date
    Jan 2003
    United Kingdom
    Haven't you learned from your mistakes sharedholder?

    If you find similar topics that you have posted previously to be replied at a zero-reply rate, then why not bother posting them again? Just PM a link to to the source for someone who is interested ...

  3. Software & Hardware   -   #3
    If you find similar topics that you have posted previously to be replied at a zero-reply rate
    I don't hunt replyes ,i just want to help the people

  4. Software & Hardware   -   #4
    or go HERE, more like 31 vulnerabilities.

    @amarjit - sharedholder's intentions are good and it's the thought that counts


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts