SANS Institute: How To Eliminate The Ten Most Critical Internet Security ThreatsJun 07, 2000, 13:42 (0 Talkback[s])
[ Thanks to George Mitchell for this link. ]
"The majority of successful attacks on computer systems via the Internet can be traced to exploitation of one of a small number of security flaws. Most of the systems compromised in the Solar Sunrise Pentagon hacking incident were attacked through a single vulnerability. A related flaw was exploited to break into many of the computers later used in massive distributed denial of service attacks. Recent compromises of Windows NT-based web servers are typically traced to entry via a well-known vulnerability. Another vulnerability is widely thought to be the means used to compromise more than 30,000 Linux systems."
"System administrators report that they have not corrected these flaws because they simply do not know which of over 500 potential problems are the ones that are most dangerous, and they are too busy to correct them all."
"The information security community is meeting this problem head on by identifying the most critical Internet security problem areas - the clusters of vulnerabilities that system administrators need to eliminate immediately. This consensus Top Ten list represents an unprecedented example of active cooperation among industry, government, and academia. The participants came together from the most security-conscious federal agencies, from the leading security software vendors and consulting firms, from the top university-based security programs, and from CERT/CC and the SANS Institute. A complete list of participants may be found at the end of this article. Here is the experts' list of the Ten Most Often Exploited Internet Security Flaws along with the actions needed to rid your systems of these vulnerabilities."