Get a fix on the top 10 security vulnerabilities

Get a fix on the top 10 security vulnerabilities

The SANS Institute provides tools on its Web site that will let you scan your systems for problems

By William Jackson

GCN Staff

Programs to scan for the top 10 computer security vulnerabilities are now downloadable from the Web site of the SANS Institute of Bethesda, Md.

To find the programs, go to www.sans.org.



Last month a panel of government and industry security experts [GCN, June 12, Page 3] identified these as the top 10 threats to systems:

BIND weaknesses. Berkeley Internet Name Domain is the most widely used Domain Name Service software for translating domain names into IP addresses. It has security holes that give intruders administrative access to DNS servers.

Common Gateway Interface programs. They make Web pages interactive, and hackers can execute malicious commands by exploiting sample CGI programs that come installed on Web servers.

Remote procedure calls. RPCs let programs on one computer execute programs on another. RPC vulnerabilities probably were used to launch distributed denial-of-service attacks earlier this year and last year.

Remote data services. A security hole in Microsoft Internet Information Server software lets intruders run remote commands with administrative privileges.

Sendmail buffer overflows. Malformed messages arriving via the Unix sendmail utility can force execution of improper commands.

The Defense-funded Computer Emergency Response Team's first advisory in 1988 was about a sendmail weakness.

Sadmind and mountd. These commands, pronounced s-admin-d and mount-d, perform administrative functions for SunSoft Solaris and other Unix operating systems. Intruders can exploit their buffer overflows to gain root access.

Global file sharing. Various services under Microsoft Windows NT and AppleTalk permit file sharing across networks.

Improperly configured, they expose system files to intruders.

No passwords or weak passwords. Common default passwords and simple, easily guessed or cracked passwords bring outsiders inside the firewall without any need for sophisticated hacking techniques.

IMAP and POP buffer overflows. Intruders can use buffer overflow weaknesses in the Internet Messaging Access Protocol and the Post Office Protocol to gain root-level control.

Default SNMP community strings. Leaving default passwords unchanged lets intruders use the Simple Network Management Protocol to control network devices. Most SNMP devices have the widely known passwords 'public' or 'private.'

inside gcn

  • How technology can help first responders save lives

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group