The SysAdmin, Audit, Network, Security (SANS) Institute's "Top 20 Vulnerabilities" list, first published three years ago in collaboration with the FBI's National Infrastructure Protection Center, consists of two lists: the top 10 flaws in Microsoft's Windows operating system and software, and the top 10 flaws in Unix systems.
The lists are intended to guide system administrators in checking their systems for flawed software. Each of the 20 entries describes the vulnerability and suggests ways to mitigate the risks associated with the particular insecure software.
SANS rated Microsoft's Web server--the Internet Information Services (IIS) software--as the leading source of vulnerabilities in Windows systems.
Microsoft has issued warnings for more than half a dozen flaws in its IIS Web server software in the last year. In May, the company. Last November, of other flaws in its Web server. The Code Red worm used a flaw in Microsoft's Web servers to infect machines.
On the Unix side, the Berkeley Internet Name Domain (BIND) software--the most widely used implementation of the domain name system (DNS), which translates domain names into numerical IP addresses--is the most problematic program for that family of operating systems, which includes the various flavors of Linux, Sun Microsystems' Solaris and IBM's AIX.
Several flaws have been found in the BIND software in the last year. In March, the Internet Software Consortium that patched security holes. And in November, security researchers that had to be patched.
Other top flaws on Windows systems included Microsoft's SQL database software, which the, and Windows remote access services such as Microsoft's version of the remote procedure call (RPC) standard, a flaw which the .
Top Unix-based software flaws include those in the systems' own RPC service implementations as well as insecure Apache Web server installations.