The FBI's top 10 online security threats
Published: 28 Jan 2004 14:30 GMT
- Simple Network Management Protocol (SNMP)
This one is pretty obvious. SNMP is used to remotely manage everything from printers to wireless access points and is therefore a major threat if not maintained properly. If you don't need or use SNMP then the fix is simple -- disable it. I suspect that a large number of the SNMP exploits are due to installations where the people running the system don't even realise it's there.
Risk level -- Critical
The vulnerabilities listed here are ones that hackers are most actively exploiting against Windows networks.
Fix
Patch or apply a workaround where appropriate. Some of these threats keep popping up as new vulnerabilities or ways to exploit them appear, but patches or workarounds are available for all the older exploits; on many systems they are simply not being applied.
Some sources of risk, such as P2P file sharing, which remains a continuing problem, simply shouldn't be permitted on a business network. To block it, administrators must periodically scan for the presence of P2P software and push upper management to create and strictly enforce rules forbidding users from installing it.
Final word
I suspect that some administrators are secretly happy that the SANS/FBI top 20 list isn't more widely publicised in the general media. If upper management questioned many IT departments about whether their company was covered against these threats, many of them would not get a very satisfactory response.
There are good reasons why some of these vulnerabilities (for example, those in popular software such as IIS and SQL Server) are perennial favourites. But some of the others should be eliminated in any properly managed operation. This is especially true for installations where unused services are allowed to remain active when they shouldn't even be there. Because they are rarely used, they also tend to be ignored when it comes to proper maintenance, which makes them doubly vulnerable and dangerous.
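An added example, not part of the original article: one way to run the periodic check described above, flagging an SNMP agent nobody declared as needed, listeners on default P2P ports, and other unused services, from Windows `netstat -ano` output. The port list, the `needed` allowlist and the sample output are assumptions constructed for illustration.

```python
import re

# Default ports, listed here as illustrative assumptions. P2P clients can be
# moved to other ports, so a match is a lead to investigate, not proof.
SNMP = ("UDP", 161)
P2P_DEFAULTS = {("TCP", 1214): "FastTrack/Kazaa", ("TCP", 4662): "eDonkey",
                ("TCP", 6346): "Gnutella", ("TCP", 6881): "BitTorrent"}

# Matches listening TCP sockets and bound UDP sockets in `netstat -ano` output;
# established TCP connections and the header row do not match.
ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+\s+(?:LISTENING\s+)?(\d+)\s*$")

def listeners(netstat_text):
    """Return {(proto, port): pid} for every socket accepting traffic."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:  # IPv4 and IPv6 rows for the same port collapse into one entry
            found.setdefault((m.group(1), int(m.group(2))), int(m.group(3)))
    return found

def audit(netstat_text, needed):
    """needed: set of (proto, port) the host's owner has declared as required."""
    findings = []
    for key, pid in sorted(listeners(netstat_text).items()):
        if key in P2P_DEFAULTS:  # reported even if someone listed it as needed
            findings.append((key, pid, "P2P default port (" + P2P_DEFAULTS[key] + ")"))
        elif key in needed:
            continue
        elif key == SNMP:
            findings.append((key, pid, "SNMP agent not declared as needed: disable it"))
        else:
            findings.append((key, pid, "undeclared listener: confirm it is required"))
    return findings

# Constructed sample input, not captured from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1680
  TCP    0.0.0.0:1214           0.0.0.0:0              LISTENING       3044
  TCP    10.0.0.5:49210         10.0.0.9:445           ESTABLISHED     4
  TCP    [::]:80                [::]:0                 LISTENING       1680
  UDP    0.0.0.0:161            *:*                                    812
  UDP    0.0.0.0:1900           *:*                                    1124
"""

if __name__ == "__main__":
    for (proto, port), pid, why in audit(SAMPLE, needed={("TCP", 80)}):
        print(f"{proto}/{port} pid={pid}: {why}")
```

The PID in each finding can be matched against the process list to identify which installed program owns the socket.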






