Thursday, November 16, 2006

SANS Top-20 Internet Security Attack Targets (2006 Annual Update)

SANS has published the 2006 annual update to their list of the top 20 Internet security attack targets.

From the Internet Storm Center:

"Published: 2006-11-15,
Last Updated: 2006-11-15 12:43:39 UTC by Johannes Ullrich (Version: 1)

Today, the SANS Institute released an updated Top 20 Internet Security Attack Targets list.

This update reorganizes the list recognizing the new reality of operating system independent issues. Sections for cross-platform applications, network devices, policy and the overall issue of 0-day attacks were added.

The list has been released for the last 7 years. From the start, organizations like the FBI assisted in putting the list together. It is in particular useful if you have to set and defend priorities.
Here is the SANS Top 20:
Operating Systems
W1. Internet Explorer
W2. Windows Libraries
W3. Microsoft Office
W4. Windows Services
W5. Windows Configuration Weaknesses
M1. Mac OS X
U1. UNIX Configuration Weaknesses

Cross-Platform Applications
C1. Web Applications
C2. Database Software
C3. P2P File Sharing Applications
C4. Instant Messaging
C5. Media Players
C6. DNS Servers
C7. Backup Software
C8. Security, Enterprise, and Directory Management Servers

Network Devices
N1. VoIP Servers and Phones
N2. Network and Other Devices Common Configuration Weaknesses

Security Policy and Personnel
H1. Excessive User Rights and Unauthorized Devices
H2. Users (Phishing/Spear Phishing)

Special Section
Z1. Zero Day Attacks and Prevention Strategies
