SANS has published the 2006 annual update to their list of the top 20 Internet security attach targets. From the Internet Storm Center:
"Published: 2006-11-15,Here is the SANS Top 20:
Last Updated: 2006-11-15 12:43:39 UTC by Johannes Ullrich (Version: 1)
Today, the SANS Institute released an updated Top 20 Internet Security Attack Targets list.
This update reorganizes the list recognizing the new reality of operating system independent issues. Sections for cross-platform applications, network devices, policy and the overall issue of 0-day attacks where added.
The list has been released for the last 7 years. From the start, organizations like the FBI assisted in putting the list together. It is in particular useful if you have to set and defend priorities.
- Operating Systems
- W1. Internet Explorer
- W2. Windows Libraries
- W3. Microsoft Office
- W4. Windows Services
- W5. Windows Configuration Weaknesses
- M1. Mac OS X
- U1. UNIX Configuration Weaknesses
- Cross-Platform Applications
- C1 Web Applications
- C2. Database Software
- C3. P2P File Sharing Applications
- C4 Instant Messaging
- C5. Media Players
- C6. DNS Servers
- C7. Backup Software
- C8. Security, Enterprise, and Directory Management Servers
- Network Devices
- N1. VoIP Servers and Phones
- N2. Network and Other Devices Common Configuration Weaknesses
- Security Policy and Personnel
- H1. Excessive User Rights and Unauthorized Devices
- H2. Users (Phishing/Spear Phishing)
- Special Section
- Z1. Zero Day Attacks and Prevention Strategies
No comments:
Post a Comment