Tool Finds Most Dangerous Vulnerabilities
The SANS Institute and the FBI's National Infrastructure Protection Center releases a scanning tool designed to find 20 common network vulnerabilities, as well as a document listing steps to fix each problem.The SANS Institute and the FBIs National Infrastructure Protection Center on Monday released a scanning tool designed to find 20 common network vulnerabilities, as well as a document listing steps to fix each problem. The list is an expansion of the original Top Ten list released by the two groups last year and is meant to give systems administrators a prioritized checklist of the most dangerous vulnerabilities. It is divided into three sections: general vulnerabilities, Windows flaws and Unix flaws.
The problems range from using default installations of operating systems to non-existent or incomplete system backups to the infamous ISAPI buffer overflow in Microsoft Corp.s IIS Web server software. Many of the vulnerabilities on the list are simple, non-software-related problems such as weak passwords that are often overlooked.