On Thu, 2003-10-16 at 09:30, Rik Thomas wrote:
> On Thu, 2003-10-16 at 15:36, Cornelius Kölbel wrote:
> > >
> > > But friends will let friends use the number 5 "Most Critical Internet
> > > Security Threat" (http://www.sans.org/top20/top10.php)?
> > >
> > Wow, do you believe in statistics?
> > I think sendmail is on rank 6 at the moment, since it is used that often.
> > Look at apache, it is on 3!
> >
>
> Is it just me or are the statistics really dated Version 1.33 June 25,
> 2001??? I don't know how much I would trust that report.
>

Yeah, that is the old version; the new one issued last week is simply
http://www.sans.org/top20/

Here's the blurb that came in yesterday's SANS NewsBites:

TOP OF THE NEWS
--Top 20 Vulnerabilities List Developed by International Consensus
(8 October 2003)
The Department of Homeland Security (DHS) and its counterparts in the UK and Canada have joined the SANS Institute in releasing a list of the top 20 security vulnerabilities most frequently exploited in Windows, Unix and Linux. This list is notable for its "multinational government/industry consensus." Experts from Singapore and Brazil had input as well.
http://www.computerworld.com/printthis/2003/0,4814,85848,00.html
http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=23811
Complete listing of the new Top 20, remediation strategies, and tools that can find them:
http://www.sans.org/top20/

There is a lot of good information in the various links on securing each of these security issues. Note that the list is not one of the most insecure applications but the ones that are exploited the most. I took it as a good sign that telnet was not there. I read that to mean that folks have finally stopped using it. Also worthy of note is the fact that the exploited list is not presented in a manner to allow any determination of how often the Windows apps are exploited compared to the *nix apps. Merely the top ten in each category.

As I run several of these services, I am going to take a hard look at each of the various recommendations and see what I can do to further harden each of them. I went through the bind links today and it would appear that I actually did a pretty fair job. I am considering chrooting it as is suggested, and will probably add tsig keys to the zone transfers between the two dns servers I manage in addition to the allow transfers setting I have now. It was a good read. Oh yeah, I will probably change the version string too.

Note to all: The second remediation of vulnerability (after not running a service at all) is keep the system updated! This cannot be said enough. If you are too broke to pay for rhn then learn about apt or yum and run it often.

Bret
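
The BIND changes mentioned in the message above (TSIG-signed zone transfers on top of an address-based allow-transfer, a changed version string, and a chroot), sketched as an added example that is not part of the original post. The key name, secret placeholder, zone name, addresses and paths are all assumptions.

```conf
// named.conf on the primary (constructed example; names, addresses and
// paths are placeholders, not values from the original message).
// Chroot is set on the command line, e.g.: named -u named -t /var/named/chroot

// Shared secret used to sign transfers. Generate a real one with tsig-keygen
// and keep the file readable only by root and the named user.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

options {
    directory "/var/named";
    // Returned for version.bind CHAOS TXT queries instead of the real release.
    version "not disclosed";
    // Default deny: a zone must opt in to being transferred.
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "example.com.zone";
    // Before: address check only.
    //   allow-transfer { 192.0.2.53; };
    // Listing the address and the key side by side is an OR, so either
    // one alone would be accepted:
    //   allow-transfer { 192.0.2.53; key "xfer-key"; };
    // After: nested negation rejects every source except 192.0.2.53,
    // then the key must also match (address AND key).
    allow-transfer { !{ !192.0.2.53; any; }; key "xfer-key"; };
};

// named.conf on the secondary (192.0.2.53): same key block as above, plus:
server 192.0.2.1 {
    keys { "xfer-key"; };       // sign all requests sent to the primary
};

zone "example.com" {
    type slave;
    masters { 192.0.2.1; };
    file "slaves/example.com.zone";
};
```

Running `named-checkconf` on each server before reloading catches syntax errors in the key and ACL blocks.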