ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Desktop platforms Toolkit in association with http://ad.doubleclick.net/clk;205413468;14699245;m?http://adfarm.mediaplex.com/ad/ck/2397-58840-22058-14

The latest top 10 Linux/Unix security holes

John McCormick

Published: 04 Nov 2003 12:10 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

    7. Simple Network Management Protocol (SNMP)
Since SNMP is often enabled by default, it's one of those services that must be maintained if you can't disable it. The SANS Institute offers a free SNMP scanning tool. Just send a blank email to snmptool@sans.org to get more information.

    8. Secure Shell (SSH)
SSH is an important security tool, but many installations of it aren't being properly maintained or configured.

    9. Misconfiguration of Enterprise Services NIS/NFS
The main threat here is probably the fact that this is often enabled by default, whether it is needed or not, and is, therefore, rarely maintained effectively.

    10. Open Secure Sockets Layer (SSL)
There are a lot of holes in older OpenSSL libraries and, because it is often used by other services such as Apache or even Sendmail, it may not be maintained properly.

Final word
The newest Top 20 vulnerabilities list isn't really much different from the earlier SANS/FBI vulnerability lists, but that makes it all the more important that every administrator look it over carefully. These are the holes that hackers know they can exploit, and far too many systems remain vulnerable to them even after years of warnings.

If you're going to devote energy to fixing vulnerabilities, you should probably start with these first. Every administrator is swamped with new threat announcements and new patches, but taking the time to fix these commonly-exploited flaws will pay off. Of course, not all of these vulnerabilities can be fixed with a simple patch, but there are steps administrators can take to reduce the impact of even those basic soft spots in operating systems and applications that are inherent in the very structure of the software.

Once again, the top lesson to be learned from this list is probably the need to know what services are running on your system and disable any that aren't really needed.

Next

Previous

1 2 3


  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
185 out of 352 people found this useful


Talkback

Post a comment


Full Talkback thread

1 comment

  1. I got the impression that you were stretching to g... Anonymous

Related Links

More In Desktop platforms



Company/Topic Alerts

Create a new alert from the list below:



Related Jobs

Linux System Administrators- London- Linux- Unix- TCP/IP- Network

Linux System Administrators- London- Linux- Unix- TCP/IP- DNS- DHCP-Mysql-Oracle- Redhat- Windows- 40k An exciting opportunity has arisen for an ...

Borland C++/Com Legacy Developer, Based in Tewkesbury, up to 38,000

Experience: Borland C++ C++ COM Rational Rose UML You will be developing and maintaining legacy code on one of their large-scale intruder products ...

Warehouse System Legacy Replacement Project Manager - Warwickshire

With a key base in Warwickshire, my client, a Logistics company, are looking to replace their Legacy WMS. They are planning to implement Red Prairie ...

Featured Talkback

So if you upgrade to XP SP3 you can't uninstall Internet Explorer, I'm quite sure I'm having a Deja-vu feeling about MS preventing people from uninstalling Internet Explorer in other Windows products.

By: TheKLF99

Read full story:
Upgraders to XP SP3 warned over IE downgrades

Desktop Management Benchmarking

Test Your Desktop Management Systems

How good are your company's desktop management solutions? How do they compare with those of your peers?

Take two minutes to complete our new Desktop Management and Energy Consumption benchmark, and find out what issues your business needs to focus on.