BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Software

Desktop platforms Toolkit

The latest top 10 Linux/Unix security holes

Tags:
Top 10 Security Holes,
Vulnerabilities,
Flaw,
Unix

John McCormick Tech Republic

Published: 04 Nov 2003 12:10 GMT

7. Simple Network Management Protocol (SNMP) Since SNMP is often enabled by default, it's one of those services that must be maintained if you can't disable it. The SANS Institute offers a free SNMP scanning tool. Just send a blank email to snmptool@sans.org to get more information.

8. Secure Shell (SSH) SSH is an important security tool, but many installations of it aren't being properly maintained or configured.

9. Misconfiguration of Enterprise Services NIS/NFS The main threat here is probably the fact that this is often enabled by default, whether it is needed or not, and is, therefore, rarely maintained effectively.

10. Open Secure Sockets Layer (SSL) There are a lot of holes in older OpenSSL libraries and, because it is often used by other services such as Apache or even Sendmail, it may not be maintained properly.

Final word
The newest Top 20 vulnerabilities list isn't really much different from the earlier SANS/FBI vulnerability lists, but that makes it all the more important that every administrator look it over carefully. These are the holes that hackers know they can exploit, and far too many systems remain vulnerable to them even after years of warnings.

If you're going to devote energy to fixing vulnerabilities, you should probably start with these first. Every administrator is swamped with new threat announcements and new patches, but taking the time to fix these commonly-exploited flaws will pay off. Of course, not all of these vulnerabilities can be fixed with a simple patch, but there are steps administrators can take to reduce the impact of even those basic soft spots in operating systems and applications that are inherent in the very structure of the software.

Once again, the top lesson to be learned from this list is probably the need to know what services are running on your system and disable any that aren't really needed.

1 2 3

Did you find this article useful?
185 out of 352 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

Company/Topic Alerts

Create a new alert from the list below:

linux,security hole,unix,flaw,top 10 security holes,vulnerabilities

Video

Install Flash Player plugin

Find out more: From The Labs: A look at...

All videos
Most popular videos
Latest videos

Microsoft Windows 7 Special Report Special Report

How Microsoft can make Windows 7 a success

Comment Many businesses have given Vista a wide berth; Microsoft must focus on five areas to make sure Windows 7 doesn't suffer the same fate, argues TechRepublic's Jason Hiner