2005 SANS Top 20 List of Vulnerabilities -- November 23, 2005


This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which 
you might be interested. Please take a moment to visit these 
advertisers' Web sites and show your support for Security UPDATE. 

Free Utility: Find Performance Bottlenecks 

Provide Secure Remote Access 

1. In Focus: 2005 SANS Top 20 List of Vulnerabilities 

2. Security News and Features
   - Recent Security Vulnerabilities
   - Microsoft Bolsters Antiphishing Efforts with Third-Party Data
   - Windows Genuine Advantage Now Supports Mozilla-based Browsers
   - CMP Buys Black Hat

3. Instant Poll

4. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Security Forum Featured Thread

5. New and Improved
   - Web Filter Gets New Features

==== Sponsor: Diskeeper ===
Free Utility: Find Performance Bottlenecks
   Disk Performance Analyzer for Networks is a free utility that 
remotely scans your systems looking for fragmentation-related disk 
performance bottlenecks. Disk fragmentation is a major source of 
slowdowns, freeze-ups and headaches; with Disk Performance Analyzer you 
can stamp out these little fires before they flare up into five-alarm 
blazes. Disk Performance Analyzer will save you time and reduce help 
desk traffic by enabling you to find and fix these problems before they 
find (and fix) your users and you. Get the free Disk Performance 
Analyzer for Networks now! 

==== 1. In Focus: 2005 SANS Top 20 List of Vulnerabilities ===
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Since 2000, The SANS (SysAdmin, Audit, Network, Security) Institute has 
maintained a list of what it considers to be the vulnerabilities that 
administrators should be most aware of. The list can be looked at as a 
summary of concerns to address if you don't have time to immediately 
address all known vulnerabilities in the universe. The reason you might 
use the Top 20 List as your short list is that typically the most 
critical vulnerabilities are the ones used by intruders to launch 
attacks--which often turn out to be widespread.

This week, SANS published the annual version of its SANS Top 20 Most 
Critical Internet Vulnerabilities list. The list is divided into 
sections that cover problems related to Windows platforms, Unix 
platforms, cross-platform products, and networking products. According 
to Rohit Dhamankar, project manager for the SANS Top 20 (and lead 
security architect at 3Com division TippingPoint), "Vulnerabilities on 
this list meet four requirements: (1) they affect a large number of 
users, (2) they have not been patched on a substantial number of 
systems, (3) they allow computers to [be] controlled by a remote, 
unauthorized user, (4) sufficient details about the vulnerabilities 
have been posted to the Internet to enable attackers to exploit them."

If you look at the report, you might think "Top 20" is a bit of a 
misnomer. The report has 20 categories of vulnerabilities, and in any 
given category, you might find 10 or more individual vulnerabilities. 
Thus, the Top 20 report includes dozens upon dozens of critical 
vulnerabilities. For example, vulnerabilities in the PHP scripting 
language might expand into countless application vulnerabilities. In 
another example, peer-to-peer (P2P) file-sharing software is cited as a 
vulnerability. How many different types of P2P software are there these 
days? I lost count some time ago. 

You're probably getting the picture: The report isn't exactly a guide 
to quickly fixing the top 20 vulnerability problems. That said, it does 
reveal some of the major vulnerability trends of this year. 

SANS says that in the past, the majority of attacks targeted Windows, 
UNIX (I assume they include Linux in the UNIX category), Web services, 
email services, and similar Internet services. However, this year, a 
different trend has emerged. According to SANS, more attacks this year 
have been aimed at critical core services, such as backup applications, 
antivirus software, and "other security tools." Another trend pointed 
out in the report "is public recognition of the critical 
vulnerabilities that are found in network devices such as routers and 
switches that form the backbone of the Internet." 

As for Windows platforms, the report points out 11 critical 
vulnerabilities in system services, 10 in Microsoft Internet Explorer 
(IE), 11 in various system libraries, 3 in Microsoft Office and Outlook 
Express, as well as the risk of using weak password schemes in the OS 
and related services, such as SQL Server. That's at least 32 
vulnerabilities plus an entire password infrastructure to address. 

Hopefully, you've addressed all these problems as they've become known 
to the public over the past year. If not, the quickest way to find out 
if you're vulnerable to most of the items in the report is of course to 
use a decent vulnerability scanner. Be sure to check the report (first 
URL below) to determine whether it mentions vulnerabilities that you 
haven't addressed that might affect your network. You can also check 
out our news story on the SANS Top 20 list on our Web site (second URL 

==== Sponsor: Panda Software ===
Provide Secure Remote Access
   It may be tempting to deploy a WiFi wireless access point or offer 
PDAs or laptops to your roaming employees so they can work from 
virtually anywhere. In this free white paper you'll get the important 
security implications you should consider before you do so. 

==== 2. Security News and Features ===
Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at 

Microsoft Bolsters Antiphishing Efforts with Third-Party Data
   Microsoft announced that three companies will help bolster its 
Phishing Filter and SmartScreen technologies. Each of the three 
companies--Cyota, Internet Identity, and MarkMonitor--will regularly 
provide Microsoft with data that helps identify known phishing sites. 

Windows Genuine Advantage Now Supports Mozilla-based Browsers
   Downloading certain types of software from Microsoft's Web site has 
typically been limited to those who use Microsoft Internet Explorer 
(IE). But not anymore. The Windows Genuine Advantage team created a new 
ActiveX control that works with browsers based on code developed by the 
Mozilla Foundation. 

CMP Buys Black Hat
   Black Hat, operator of popular conferences related to information 
security, has been acquired by CMP Media. Jeff Moss, Black Hat founder, 
will continue as director of Black Hat for CMP. 

==== Resources and Events ===
Get the Most from Reporting Services
   In this free Web seminar, you'll learn about innovative ways to 
extend your reports, reporting from XML-based data, delivering reports 
with the new Report Viewer, supercharging reports with SQL Server 2005 
CLR stored procedures, and more! Register today: 

Free Tools to Stop Internet Attacks
   Your network users' negligent or inappropriate activity is often the 
entry point for Internet criminals to access your systems. In this free 
Web seminar, you'll learn how to effectively implement policy, user 
training, and technology to mitigate Internet risks. You will take away 
free tools to help you analyze threats and create Acceptable-Use 
Policies (AUPs). Register now at 

Get the Most from Your Infrastructure by Consolidating Servers and 
   Improved utilization of existing networking resources and server 
hardware lets you allocate money and time where they're needed most. In 
this free Web seminar, learn to optimize your existing infrastructure 
with the addition of server and storage consolidation software and 
techniques. You'll get the jumpstart you need to evaluate the 
suitability and potential of your computing environment for the added 
benefits that consolidation technology can provide. 

Do You Know What "High Availability" Really Means?
   In this free guide learn what high availability really means and the 
different strategies that you can use to improve your email systems' 
availability and resiliency. Download this FREE guide now and get 
prepared to choose the appropriate solutions to protect your messaging 
data at the lowest cost, with the highest reliability. 

Win the NEW, full-color LCD Display iPod (for Mac or PC)
   Download a Windows IT Pro podcast on Windows IT Pro Radio by your 
favorite author, editor or industry figure. You'll automatically be 
entered to win! 

Win A $100 American Express Gift Certificate!
   We invite you to take 3 minutes and tell us your opinion about the 
email security products and services you currently use--or wish you 
could use. Take the Email Security Products Survey today at 

==== 3. Instant Poll ===
Results of Previous Poll: Which of the following devices and/or 
software do you monitor?
   The voting has closed in this Windows IT Pro Security Hot Topic 
nonscientific Instant Poll. Here are the results from the 15 votes:
   - 20% Windows 
   - 13% Network devices such as firewalls, gateways, VPN appliances, 
and wireless Access Points
   -  0% Important applications such as Exchange Server and IIS
   - 67% Two or more of the above 
   -  0% None of the above

New Instant Poll: What's the best defense against malware?
   Go to the Security Hot Topic and submit your vote for 
   - Establish a Guest account for risky activities
   - Connect user workstations only to trusted accounts
   - Maintain and regularly use anti-malware software
   - Educate all users about malware risks
   - My pop-up blocker is sufficient 

==== Featured White Paper ===
Learn about the capabilities offered by the integration of Microsoft 
SMS 2003 and Afaria
   In this free white paper, you'll learn about new functionality and 
benefits of Microsoft SMS specifically targeted to improving management 
of remote and mobile devices, challenges of managing frontline systems, 
how the combined solution creates value around the successful use of 
technology at the front lines of business and more. 

==== Hot Release ===
Meet the challenges of Microsoft Exchange
   Discover a unified solution to get a handle on the growth of your 
email and unstructured data and address compliance and government 
mandates. In this free white paper you'll learn to overcome the 
management and storage challenges that Microsoft Exchange can bring. 

==== 4. Security Toolkit ==== 

Security Matters Blog: Security Work to Go
by Mark Joseph Edwards, 

Laptops are great tools, particularly when it comes to security work, 
because they're portable. But what about an ultraportable computer? 
Check out this blog article to learn about an incredibly powerful full-
function PC that you can literally put in your pocket. 

FAQ
by John Savill, 

Q: How can I dump out the mailbox permissions on a Microsoft Exchange 
Server box or bulk change multiple users' attributes at once?

Find the answer at 

Security Forum Featured Thread: Errors in Generic Host Services and LSA 
Shell services
   A forum participant's Windows Server 2003, Enterprise Edition system 
is rebooting at frequent intervals due to some sort of remote procedure 
call (RPC) error. Whenever it restarts, the system generates errors 
related to LSASS and Generic Host Services. After the system is back up 
and running for about 5 to 10 minutes, those services stop. Know what 
the problem might be? Join the discussion at: 

==== Announcements ===   (from Windows IT Pro and its partners)

VIP Monthly Online Pass = Quick Answers
   Sign up for a VIP Monthly Online Pass and get online access to ALL 
the articles, tools, and helpful resources published in SQL Server 
Magazine, Windows IT Pro, Exchange and Outlook Administrator, Windows 
Scripting Solutions, and Windows IT Security. You'll have 24/7 access 
to a database of more than 25,000 articles that will give you all the 
answers you need, when you need them. BONUS--Includes the latest issue 
of Windows IT Pro each month. Sign up now for just US$29.95 per month: 

Need Answers to Your Tough Security Questions?
   The Windows IT Security newsletter can help. Subscribe now and 
discover fundamentals on building and maintaining a secure enterprise. 
Each issue features in-depth product coverage of the best security 
tools available, expert advice on the best way to implement various 
security components, and much more. Paid subscribers also get 
searchable access to the full online security article database (more 
than 1900 articles). Subscribe today: 

==== 5. New and Improved === by Renee Munshi, 

Web Filter Gets New Features
   8e6 Technologies announced new features for its R3000 Internet 
filtering appliance. The R3000 can now block the use of Google Web 
Accelerator (Accelerator can have the effect of circumventing Internet 
filtering) and enforce Yahoo! SafeSearch mode (even if end users 
deactivate SafeSearch from their browsers). R3000 users can now use 
wildcards in specifying sites to block; and the R3000's X-Strikes 
feature, which lets administrators set criteria for restricting a 
user's Internet access after repeated attempts to access "unacceptable" 
Internet sites, has been enhanced. For more information, go to 

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
If we print your submission, you'll get $100. We edit submissions for 
style, grammar, and length.

==== Contact Us ==== 

About the newsletter -- 
About technical questions -- 
About product news -- 
About your subscription -- 
About sponsoring Security UPDATE -- 

This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today. 

View the Windows IT Pro privacy policy at 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.

Earn your Master's degree in Information Security ONLINE 
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.
