Home users and network professionals who are worried about security should pay attention. The SANS
Institute and the FBI's National Infrastructure Protection Center have released their annual top 20
list of vulnerabilities, a cheat sheet for recognizing the most dangerous threats.
The list is split into two top 10 lists, one for Windows holes and the other for Unix/Linux holes. It's meant to help less-experienced system administrators and managers of small networks prioritize their fixes.
The tide of security advisories from Microsoft, open-source groups, and security companies could keep a legion of admins patching and testing on a full-time basis. Although SANS advises IT managers to patch as much as they can, they say they've had responses from those who say it's not possible to keep up with the vulnerabilities announced each day.
"The list is especially intended for those organizations that lack the resources to train, or those without technically advanced security administrators," the SANS website says. "The individuals with responsibility for networks in those organizations often report that they have not corrected many of these flaws because they simply do not know which vulnerabilities are most dangerous, they are too busy to correct them all, or they do not know how to correct them safely."
Open to Vulnerabilities
The list for Windows focuses on network tools such as the Internet Information Service, or IIS, which was hit by the Code Red and Code Blue worms last year. Many of the vulnerabilities affect networks and home users, those with weak or no passwords, a series of Internet Explorer holes, and the poor configuration of imbedded networking tools, specifically NetBIOS.
Windows 95, Windows 98, Windows NT, Windows Me, Windows 2000, and Windows XP are all vulnerable to these open-networking shares, and connected computers can be vulnerable to compromises.
"Many computer owners unknowingly open their systems to hackers when they try to improve convenience for co-workers and outside researchers by making their drives readable and writeable by network users," the SANS release explains. Open-network shares contributed to the Sircam virus and Nimda virus epidemics in the summer of 2001.
Weak passwords affect all platforms and all user types. Trends in compromises of both Windows and Unix point to an increased exploit of remote services and the knowledge that passwords and logon names are never changed from the install defaults.
For home users of Windows products, the best way to manage software vulnerabilities is to frequently run the Windows Update service.
Port Security
The most interesting of the Unix/Linux holes is the Apache Web server hole that facilitated the Slapper worm last month. Although the hole only affects Web servers, the market share of this open-source program proved too inviting for crackers, and it spawned what turned out to be one of the first big open-source viruses to date.
While lists in previous years focused on the vulnerability of open ports, and a major theme in last year's list was the exploitation of buffer overflows, this year the emphasis illustrates the vulnerability of remote entry points. The SANS website offers a list of the ports used by commonly probed and attacked services.
"By blocking traffic to these ports at the firewall or other network perimeter protection devices, you add an extra layer of defense that helps protect you from configuration mistakes," the site reads.
The list is a valuable tool for all network administrators and for the security-conscious users who hope to lock down their computers.