Security

SANS Top 20 Vulnerability List

There's a new SANS (SysAdmin, Audit, Network, Security) Top 20 list of security vulnerabilities. This is a list of the top 20 vulnerabilities in Windows and UNIX. 

Top Vulnerabilities to Windows Systems

  1. Internet Information Services (IIS) 
  2. Microsoft SQL Server (MSSQL) 
  3. Windows Authentication 
  4. Internet Explorer (IE) 
  5. Windows Remote Access Services 
  6. Microsoft Data Access Components (MDAC) 
  7. Windows Scripting Host (WSH) 
  8. Microsoft Outlook Outlook Express 
  9. Windows Peer to Peer File Sharing (P2P) 
  10. Simple Network Management Protocol (SNMP) 

Top Vulnerabilities to UNIX Systems

  1. BIND Domain Name System 
  2. Remote Procedure Calls (RPC) 
  3. Apache Web Server 
  4. General UNIX Authentication Accounts with No Passwords or Weak Passwords 
  5. Clear Text Services 
  6. Sendmail 
  7. Simple Network Management Protocol (SNMP) 
  8. Secure Shell (SSH) 
  9. Misconfiguration of Enterprise Services NIS/NFS 
  10. Open Secure Sockets Layer (SSL) 

It is also recommended that for good perimeter security that the following ports are secured to prevent access to the system or network.

Name Port Protocol Description
Small services <20 tcp/udp small services
FTP 21 tcp file transfer
SSH 22 tcp login service
TELNET 23 tcp login service
SMTP 25 tcp mail
TIME 37 tcp/udp time synchronization
WINS 42 tcp/udp WINS replication
DNS 53 udp naming services
DNS zone transfers 53 tcp naming services
DHCP server 67 tcp/udp host configuration
DHCP client 68 tcp/udp host configuration
TFTP 69 udp miscellaneous
GOPHER 70 tcp old WWW-like service
FINGER 79 tcp miscellaneous
HTTP 80 tcp web
alternate HTTP port 81 tcp web
alternate HTTP port 88 tcp web (sometimes Kerberos)
LINUXCONF 98 tcp host configuration
POP2 109 tcp mail
POP3 110 tcp mail
PORTMAP/RPCBIND 111 tcp/udp RPC portmapper
NNTP 119 tcp network news service
NTP 123 udp time synchronization
NetBIOS 135 tcp/udp DCE-RPC endpoint mapper
NetBIOS 137 udp NetBIOS name service
NetBIOS 138 udp NetBIOS datagram service
NetBIOS/SAMBA 139 tcp file sharing & login service
IMAP 143 tcp mail
SNMP 161 tcp/udp miscellaneous
SNMP 162 tcp/udp miscellaneous
XDMCP 177 udp X display manager protocol
BGP 179 tcp miscellaneous
FW1-secureremote 256 tcp CheckPoint FireWall-1 mgmt
FW1-secureremote 264 tcp CheckPoint FireWall-1 mgmt
LDAP 389 tcp/udp naming services
HTTPS 443 tcp web
Windows 2000 NetBIOS 445 tcp/udp SMB over IP (Microsoft-DS)
ISAKMP 500 udp IPSEC Internet Key Exchange
REXEC 512 tcp } the three
RLOGIN 513 tcp } Berkeley r-services
RSHELL 514 tcp } (used for remote login)
RWHO 513 udp miscellaneous
SYSLOG 514 udp miscellaneous
LPD 515 tcp remote printing
TALK 517 udp miscellaneous
RIP 520 udp routing protocol
UUCP 540 tcp/udp file transfer
HTTP RPC-EPMAP 593 tcp HTTP DCE-RPC endpoint mapper
IPP 631 tcp remote printing
LDAP over SSL 636 tcp LDAP over SSL
Sun Mgmt Console 898 tcp remote administration
SAMBA-SWAT 901 tcp remote administration
Windows RPC programs 1025 tcp/udp } often allocated
Windows RPC programs to } by DCE-RPC portmapper
Windows RPC programs 1039 tcp/udp } on Windows hosts
SOCKS 1080 tcp miscellaneous
LotusNotes 1352 tcp database/groupware
MS-SQL-S 1433 tcp database
MS-SQL-M 1434 udp database
CITRIX 1494 tcp remote graphical display
WINS replication 1512 tcp/udp WINS replication
ORACLE 1521 tcp database
NFS 2049 tcp/udp NFS file sharing
COMPAQDIAG 2301 tcp Compaq remote administration
COMPAQDIAG 2381 tcp Compaq remote administration
CVS 2401 tcp collaborative file sharing
SQUID 3128 tcp web cache
Global catalog LDAP 3268 tcp Global catalog LDAP
Global catalog LDAP SSL 3269 tcp Global catalog LDAP SSL
MYSQL 3306 tcp database
Microsoft Term. Svc. 3389 tcp remote graphical display
LOCKD 4045 tcp/udp NFS file sharing
Sun Mgmt Console 5987 tcp remote administration
PCANYWHERE 5631 tcp remote administration
PCANYWHERE 5632 tcp/udp remote administration
VNC 5800 tcp remote administration
VNC 5900 tcp remote administration
X11 6000-6255 tcp X Windows server
FONT-SERVICE 7100 tcp X Windows font service
alternate HTTP port 8000 tcp web
alternate HTTP port 8001 tcp web
alternate HTTP port 8002 tcp web
alternate HTTP port 8080 tcp web
alternate HTTP port 8081 tcp web
alternate HTTP port 8888 tcp web
Unix RPC programs 32770 tcp/udp } often allocated
Unix RPC programs to } by RPC portmapper
Unix RPC programs 32899 tcp/udp } on Solaris hosts
COMPAQDIAG 49400 tcp Compaq remote administration
COMPAQDIAG 49401 tcp Compaq remote administration
PCANYWHERE 65301 tcp remote administration

IMPORTANT - Blocking these ports does not prevent them from being used by systems compromised by viruses, trojans and so on.  Take care to secure systems from being compromised by using effective, up-to-date anti-virus scanners.

NOTE - Blocking some of these ports may disable services that are required.  Bear this in mind before making changes.

If you just secured your system against these 20 things, you'll have a pretty safe system!

More information and downloads available from: http://www.sans.org/top20/



Adrian Kingsley-Hughes
Last updated: May 4th 2004
Print This Page   |   Email me when this page changes    |  Search This Site



Crucial.com System Scanner does the work for you!




Contact Us