
SANS Top 20 Internet Security Vulnerabilities for 2004

IN04-003
Date: 8 October 2004

Purpose

This information note is issued to draw attention to the release of the SANS Institute's annual list of the top 20 most critical Internet vulnerabilities on October 8. PS has also participated in a joint announcement of the list with the SANS Institute and the governments of the United States and the United Kingdom.

Assessment

This is the fourth annual top 20 list published by SANS. It comprises two top 10 lists of the most commonly exploited services in Windows operating systems and in UNIX and Linux-based operating systems, respectively. These have been selected, based upon a consensus from a number of individual information security practitioners, as the vulnerabilities most targeted by cyber attacks. The top 20 list is also accompanied by tools to test for the presence of these vulnerabilities in IT assets, as well as a detailed description of each vulnerability and the measures that system administrators should take to correct it.

The full top 20 list is available at www.sans.org/top20.

The SANS Institute considers the Top 20 a living document that reflects ever-changing attack vectors, such as Instant Messaging, and provides effective countermeasures to protect against these vulnerabilities. Over the past year, PS has also released alerts and advisories related to a number of the vulnerabilities highlighted in this year's top 20.

Top Vulnerabilities to Windows Systems

  • W1 Web Servers & Services
  • W2 Workstation Service
  • W3 Windows Remote Access Services
  • W4 Microsoft SQL Server (MSSQL)
  • W5 Windows Authentication
  • W6 Web Browsers
  • W7 File-Sharing Applications
  • W8 LSAS Exposures
  • W9 Mail Client
  • W10 Instant Messaging

Top Vulnerabilities to UNIX Systems

  • U1 BIND Domain Name System
  • U2 Web Server
  • U3 Authentication
  • U4 Version Control Systems
  • U5 Mail Transport Service
  • U6 Simple Network Management Protocol (SNMP)
  • U7 Open Secure Sockets Layer (SSL)
  • U8 Misconfiguration of Enterprise Services NIS/NFS
  • U9 Databases
  • U10 Kernel


Suggested Action

PS highly recommends that system administrators consult the top 20 list and ensure that their systems have been hardened against attacks based on these vulnerabilities. As always, IT security protocols should be kept up to date and all systems should be adequately patched. As part of the SANS Top 20, Qualys has made available a free tool to detect the SANS Top 20 vulnerabilities. It is available at: https://sans20.qualys.com


Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca