SANS Top Internet Security Risks of 2007 - Excessive User Rights and Unauthorized Devices

 
 
By eweek  |  Posted 2007-11-27
 
 
 

SANS Top Internet Security Risks of 2007

Attackers in 2007 turned their attention from technical issues and problems to far easier prey: human beings. Spear-phishing exploits have targeted rich victims and military and government targets in nation-state espionage, as well as C-level executives f

SANS Top Internet Security Risks of 2007 - Client-side Vulnerabilities in Web Browsers

Browsers and plug-ins have become a malware playground, with exploit code out for Microsoft Internet Explorer flaws, malware sites that can launch exploits based on a given browser and the use of IE to exploit vulnerabilities in other core Windows com

SANS Top Internet Security Risks of 2007 - Client-side Vulnerabilities in Microsoft Office

Qualys has tracked a 300 percent increase in Office application vulnerabilities during the past year—primarily, new Excel vulnerabilities that can easily be exploited by getting unsuspecting users to open Excel files sent via e-mail and instant m

SANS Top Internet Security Risks of 2007 - Client-side Vulnerabilities in E-mail Clients

E-mail has become a common vector for multiple vulnerabilities and has been used to distribute malware, including viruses, Trojans, keyloggers, spyware, adware and rootkits; to perpetrate phishing attacks, and for stealing passwords or other confidenti

SANS Top Internet Security Risks of 2007 - Client-side Vulnerabilities in Media Players

Vulnerabilities were released for most popular media players in 2007. No operating system was spared, as the following media players for Windows, Mac OS and Linux/Unix were hit: Windows Media Player, RealPlayer, QuickTime, Adobe Flash Player and iTunes

SANS Top Internet Security Risks of 2007 - Server-side Vulnerabilities in Web Applications

Web-based applications such as content management systems, wikis, portals, bulletin boards and discussion forums, as well as custom-built Web applications, are hit by hundreds of vulnerabilities every week. SANS says the number of attempted attacks for

SANS Top Internet Security Risks of 2007 - Server-side Vulnerabilities in Windows Services

Vulnerabilities in Windows operating system services are some of the most common avenues for exploitation, yet some are configured to run by default whenever the computer is restarted. SANS advises that users disable any unneeded services to enhance se

SANS Top Internet Security Risks of 2007 - Server-side Vulnerabilities in Unix and Mac OS Services

Even fully patched services can be problematic, with brute-force attacks against remote services such as SSH (Secure Shell), FTP and Telnet still being the most common danger for servers facing the Internet. During the last couple of years, a concerte

SANS Top Internet Security Risks of 2007 - Server-side Vulnerabilities in Backup Software

Since backup software generally runs with high privileges to read all files on a system, vulnerabilities have led to severe security repercussions. The affected operating systems tend to be Windows and Unix, as the preponderance of enterprise clients a

SANS Top Internet Security Risks of 2007 - Server-side Vulnerabilities in Anti-Virus Software

Attackers are exploiting security products, including anti-virus and personal firewall software. Vulnerabilities aren't limited to desktop and server platforms: Gateway solutions are also affected, which is particularly serious, given that the gateway

SANS Top Internet Security Risks of 2007 - Server-side Vulnerabilities in Management Servers

Applications such as on-server virus and spam filters, directory servers, and management and monitoring systems pose a unique security challenge. In addition to providing opportunities for compromising the system hosting them, these apps provide opport

SANS Top Internet Security Risks of 2007 - Server-side Vulnerabilities in Database Software

The most common vulnerabilities in database systems are use of default configurations with default user names and passwords; SQL injection via the database's own tools, third-party applications or Web front ends added by users; use of weak passwords fo

SANS Top Internet Security Risks of 2007 - Excessive User Rights and Unauthorized Devices

The best efforts to secure an information system are futile if users connect unauthorized devices to the network or install unauthorized, potentially dangerous software. A rogue wireless access point can be an open door to any malicious individual want

SANS Top Internet Security Risks of 2007 - Phishing/Spear Phishing

Spear phishing has become one of the most damaging forms of attacks on military organizations in the United States and other developed countries. Attackers gain user name and password information and then break in to gain sensitive military information

SANS Top Internet Security Risks of 2007 - Unencrypted Laptops and Removable Media

Loss of laptops and removable media has become a major liability for corporations and government agencies, as well as for general consumers. All too frequently, a major loss of personal or identifying information is traced back to the loss of a single

SANS Top Internet Security Risks of 2007 - Application Abuse of IM

The widespread use of instant messaging can significantly increase security risks. Attacks include variants of e-mail worms spread via IM, new variations in the establishment and spread of botnets, and the use of compromised IM accounts to lure users i

SANS Top Internet Security Risks of 2007 - Application Abuse of P2P

Peer-to-peer networks can be attacked by modifying legitimate files with malware; seeding malware files into shared directories; exploiting vulnerabilities in the protocol or errors in coding; blocking (filtering) the protocol; denial of service by mak

SANS Top Internet Security Risks of 2007 - VOIP Servers and Phones

Vulnerabilities have been found in VOIP (voice over IP) products such as Cisco Unified Call Manager and Asterisk, along with VOIP phones from multiple vendors. Attackers are carrying out VOIP phishing scams, eavesdropping, or leveraging toll fraud or d

SANS Top Internet Security Risks of 2007 - Zero Day Attacks

Once a working exploit of a new, unpatched vulnerability is released into the wild, users of the affected software will be compromised until a software patch is available or some form of mitigation is taken. Several zero-day attacks were recorded in 20
