The latest top ten Windows security vulnerabilities
Author: techrepublic.com, Friday, January 30 2004 9:32 AM
SANS (the SysAdmin, Audit, Network, Security Institute, a security research and education organization made up of government, business and academic experts) and the FBI (Federal Bureau of Investigation) have jointly released their fourth annual list of the top Internet security vulnerabilities. The list is divided into two parts: Windows threats and Linux/UNIX threats. It is especially important because the vulnerabilities on it are being actively exploited right now; they are not just theoretical or potential threats.
In most cases, these vulnerabilities become targets because administrators have not properly locked down their systems or have not applied the patches that are readily available. By applying the patches and/or hardening the firewall against the 20 vulnerabilities listed by SANS/FBI, administrators can put these persistent, well-known hazards behind them and concentrate on new security threats. The following is a summary of the Windows half of the list.
The top ten Windows security threats
1. Internet Information Services (IIS). By using the URLScan tool to filter potentially malicious HTTP requests and the IIS Lockdown Wizard to harden your installation settings, you can easily strengthen IIS security. The current version of the IIS Lockdown Wizard already includes URLScan, but the tool can also be downloaded separately for older versions. If you are running IIS on your system without these protections, you may already be in trouble and may find that the system has already been exploited.
2. Microsoft SQL Server (MSSQL). Watch closely for new MSSQL patches and apply them as soon as they appear. The Internet Storm Center has shown that the MSSQL default ports 1433 and 1434 are among the ports that Internet attackers most actively probe. Any weakness here will be exploited quickly.
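Since the article says the MSSQL default ports are among the most heavily probed, a defender will want to see that probing in their own firewall logs. The following is an added example (not from the article or the Internet Storm Center) that counts, per source address, the connection attempts to TCP 1433 and UDP 1434 in a log whose lines are assumed to be space-separated in the style of the Windows Firewall log: date, time, action, protocol, source IP, destination IP, source port, destination port. The sample lines are constructed.

```python
"""Spot probes of the MSSQL default ports (TCP 1433, UDP 1434) in firewall logs.

Added example, not from the article. Assumed line layout (Windows Firewall style):
    date time action protocol src-ip dst-ip src-port dst-port
"""
from collections import defaultdict

MSSQL_PORTS = {("TCP", 1433), ("UDP", 1434)}

# Constructed sample log lines for the example (not real traffic).
SAMPLE_LOG = """\
2004-01-30 09:31:01 DROP TCP 203.0.113.7 192.0.2.10 4021 1433
2004-01-30 09:31:02 DROP UDP 203.0.113.7 192.0.2.10 4022 1434
2004-01-30 09:31:05 DROP TCP 198.51.100.9 192.0.2.10 51000 1433
2004-01-30 09:31:06 ALLOW TCP 192.0.2.20 192.0.2.10 3345 1433
2004-01-30 09:31:09 DROP TCP 203.0.113.7 192.0.2.10 4023 445
2004-01-30 09:31:12 DROP UDP 198.51.100.9 192.0.2.10 51001 1434
"""


def parse_line(line: str):
    """Return (action, protocol, src_ip, dst_port), or None for a malformed line."""
    fields = line.split()
    if len(fields) < 8:
        return None
    try:
        return fields[2], fields[3].upper(), fields[4], int(fields[7])
    except ValueError:
        return None


def mssql_probes(log_text: str) -> dict:
    """Map each source IP to the number of attempts it made against the MSSQL ports."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        _action, proto, src_ip, dst_port = parsed
        if (proto, dst_port) in MSSQL_PORTS:
            hits[src_ip] += 1
    return dict(hits)


def suspected_scanners(log_text: str, threshold: int = 2) -> list:
    """Sources that touched the MSSQL ports at least `threshold` times, most active first."""
    hits = mssql_probes(log_text)
    return sorted((ip for ip, n in hits.items() if n >= threshold),
                  key=lambda ip: (-hits[ip], ip))
```

Allowed connections are counted too, so an internal host that is allowed through but touches 1433 repeatedly still shows up for review.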
3. Windows authentication. Password management is the key to effective authentication. SANS provides a password-setting guide that explains how to make passwords complex enough that they are not simple to attack. According to this SANS guide, a password must not contain any part of the user's account name and should be no shorter than six characters. In addition, the password "should include characters from three of the following four classes: English uppercase letters (A to Z), English lowercase letters (a to z), the ten base digits (0 to 9), and non-alphabetic, non-numeric characters (for example: !, $, #, %)". Starting with Windows 2000, the operating system includes tools for creating good passwords and enforcing a password policy. Weak password policies are not only the weakest point of Windows authentication, they are also the point attackers exploit most readily. Many other authentication recommendations are available in the SANS report.
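The SANS rules quoted above can be checked mechanically. The following is an added example (not from the article or from SANS) that applies the three stated rules: minimum length of six, no part of the account name, and at least three of the four character classes. It assumes that "any part of the account name" means any run of three or more consecutive characters of the name, compared case-insensitively; the test passwords are constructed.

```python
"""Check a password against the SANS rules quoted above (added example, not
from the article or SANS). Assumption: "any part of the account name" is read as
any run of 3 or more consecutive characters of the name, compared case-insensitively."""
import string

MIN_LENGTH = 6          # the article's figure
MIN_CLASSES = 3         # three of the four character classes
NAME_FRAGMENT_LEN = 3   # assumption, see docstring


def contains_account_name_part(password: str, account_name: str) -> bool:
    """True if a NAME_FRAGMENT_LEN-character run of the account name appears in the password."""
    pw, name = password.lower(), account_name.lower()
    if len(name) < NAME_FRAGMENT_LEN:
        return name != "" and name in pw
    return any(name[i:i + NAME_FRAGMENT_LEN] in pw
               for i in range(len(name) - NAME_FRAGMENT_LEN + 1))


def character_classes(password: str) -> set:
    """Which of the four classes (upper, lower, digit, symbol) the password uses.
    Anything outside ASCII letters and digits, including spaces, counts as a symbol."""
    classes = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def check_password(password: str, account_name: str) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if contains_account_name_part(password, account_name):
        problems.append("contains part of the account name")
    if len(character_classes(password)) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} of the 4 character classes")
    return problems


if __name__ == "__main__":
    for pw in ("jsmith1", "Tr0ub4dor!", "secret"):
        print(pw, "->", ", ".join(check_password(pw, "jsmith")) or "OK")
```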
4. Internet Explorer (IE). Every version of IE has had critical vulnerabilities, and each new version turns up new flaws. Any administrator who does not regularly update this key tool is making a big mistake. SANS recommends using an online browser test, such as the one from Qualys, to keep IE secure. This is very useful because the test does not require technical staff to run it.
5. Windows Remote Access Services. To make it easy to port processes from other systems or connect to other systems, the Windows platform supports almost every other network protocol. If you do not use these protocols, it is best to disable them immediately. Klez, Sircam and Nimda spread around the world quickly because many systems did not have correctly configured network shares, which let other hosts access their files remotely.
6. Microsoft Data Access Components (MDAC). Many versions of the MDAC Remote Data Services (RDS) component have serious security vulnerabilities. For a quick review of this problem, see the Wiretap.net "Report on Hardening RDS", and also read Microsoft's recommendations, for example the Knowledge Base article on this topic.
7. Windows Script Host (WSH). You may not be able to disable WSH because it is used by many administrative and desktop automation functions, so instead you should change the default handler for script file extensions such as .vbs, .vbe, .js, .jse and .wsf.
8. Microsoft Outlook and Outlook Express. If you cannot live without Outlook and Outlook Express, then a good antivirus signature update policy will provide some of the necessary protection.
9. Windows peer-to-peer (P2P) file sharing. Since P2P networks are often used for illegal purposes, P2P applications should be removed from business networks without hesitation. Although the ports used by all P2P software cannot be blocked (after all, Kazaa uses port 80), you can still reduce its activity at the firewall.
10. Simple Network Management Protocol (SNMP). This is a fairly obvious problem. SNMP is used for remote management of everything from printers to wireless access points, so if SNMP is not properly maintained it is a big threat. If you do not need or use SNMP, the solution is simple: disable it. I think a lot of SNMP is running only because people did not realize it was installed along with the operating system.
Risk level: dangerous. The vulnerabilities listed here are Windows network vulnerabilities that hackers are actively exploiting right now.
Solution: the appropriate approach is to apply patches or use workarounds. New threats will keep appearing as new vulnerabilities and new ways of exploiting them are found, so patching or applying workarounds is the only available way to keep a system from being exploited through known vulnerabilities.
Some threats, such as P2P file sharing, should not be running on a business network at all. To prevent this threat, administrators should scan periodically for the presence of this software and should push upper management to create strict, mandatory policies that do not allow users to install it on the network.
Finally, I think some administrators are quite pleased that the SANS/FBI top 20 vulnerabilities are not widely publicized in the mainstream media, because if upper management asked the IT department whether it faced similar threats, most would not be able to give a satisfactory answer.
There are good reasons why some of these vulnerabilities exist (for example, popular software such as IIS and SQL Server is favored by hackers). However, other vulnerabilities can be reduced through proper management practices. This is especially true at installation time: services that are not used should not be installed. Because they are almost never used, they are easily overlooked when the rest of the system is maintained, which makes them doubly weak and dangerous.
See also
OpenBSD added two important new threats this week. The first is the "OpenBSD Packet Filter Denial of Service Vulnerability - Secunia Advisory SA9949", rated as a "medium" risk. This is a denial of service threat that can be exploited remotely. The other is the "ARP Request Denial of Service Vulnerability - Secunia Advisory SA9948", also a denial of service (DoS) threat, rated as a "lesser" risk. This threat comes from users inside the network and cannot be exploited by remote users. Patches and updates are currently available.
Anyone proven to have used a computer for any crime will now face tougher punishment. The Washington Post has a story on this. A key sentence in the story is: "The new guidelines have the victim calculate financial losses by adding up the costs of storing data, fixing security vulnerabilities, carrying out damage assessments, property, and so on." This makes it likely that any hacking incident will trigger a lawsuit.
In California, a lawyer has filed a lawsuit against Microsoft. He is seeking to have the large number of security threats in Microsoft's products treated as a matter of Microsoft's security practices, so that it can be pursued legally. You can imagine that Redmond will do everything it can to stop this. SANS has posted the complaint online; if you are interested, you can read this interesting document. (Editor: Liu Yanzhi) The original source of this article:
Http://www.zdnet.com.cn/techupdate/security/hacker/story/0,380003,0629,39200537,00.htm