Security List Posted
Top 20 items prioritized for easy reference
ITINFO Sponsor
Certification Required.
Trainers need certification to get ahead. Certification means more opportunity and more money.
The first step to PTT certification is to successfully complete the Train the Trainer Advanced Seminar & Conference. This 2-day event will hone
your training skills beyond what you may have imagined possible. And it makes you eligible to apply for Professional Technical Trainer certification.
Both the Advanced Seminar and the Boot Camp are open to teachers, instructors, and trainers from all disciplines.
The seminars are running in a few weeks. Register now.
Seminar details
Certification details
FBI & SANS Release List of Top 20 Security Holes
by Dave Murphy
ISSN 1535-3613
The U.S. Federal Bureau of Investigation (FBI) and experts from the System Administration, Networking, and Security Institute (SANS) have released a list of the top 20 most important Internet security vulnerabilities. The list is important to all, including Windows, Unix, and Linux users.
Experts report that many system administrators and general users do not correct the security flaws in their systems: they are too busy to correct them all, and they cannot prioritize their efforts because they do not know which flaws pose the greatest threat to security.
Top general vulnerabilities
- Default installs of operating systems and applications
- Accounts with no passwords or weak passwords
- Non-existent or incomplete backups
- Large number of open ports
- Not filtering packets for correct incoming and outgoing addresses
- Non-existent or incomplete logging
- Vulnerable CGI programs
Top Windows vulnerabilities
- Unicode vulnerability (web server folder traversal)
- ISAPI extension buffer overflows
- IIS RDS exploit (Microsoft Remote Data Services)
- NetBIOS - unprotected Windows networking shares
- Information leakage via null session connections
- Weak hashing in SAM (LAN Manager hash)
Top Unix system vulnerabilities
- Buffer overflows in RPC services
- Sendmail vulnerabilities
- BIND weaknesses
- Remote commands
- LPD (remote print protocol daemon)
- sadmind and mountd
- Default Simple Network Management Protocol (SNMP) strings
Dave's Opinion
I empathize with users who say they don't have time to keep their systems secure. I spend more than eight hours a week keeping the computers in my office updated. Much of this work is done after normal work hours, so it's definitely not my favorite task.
I keep a folder of updates that have to be done and I log modifications so I don't have to rely on my memory. It's still a lot of mental work to keep track of what's been done, when, and to which system.
By prioritizing the necessary patches, the FBI/SANS list will be a help to administrators.
Call for Comments
What do you think? Leave your comments on the message center.
References
The Twenty Most Critical Internet Security Vulnerabilities
Message Center
Damar Group, Ltd. helps business use technology.
ITINFO is again accepting sponsors. Sponsor messages are included in ITINFO's email newsletter and are permanently posted to DGL's website and online reference areas.
ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com.
Previous issues are on our website at http://dgl.com/itinfo/.
updated October 4, 2001
http://dgl.com/itinfo/2001/it011004.html
Copyright © 2001, Damar Group, Ltd., All Rights Reserved