View and vote on the article here: Top Vulnerabilities
Top Vulnerabilities| Category | | | Summary | <FONT size=2>
The SANS institute maintains a live document of Top Vulnerabilities found in modern systems. There are specified three categories: All Systems, Windows Systems and Unix Systems. Are you vulnerable to hackers attack?
For the average |
| | Body | <FONT size=2>
1. Default Installation of Operating Systems and Applications
Which is what most people do. No post configuration, no patchs added, nothing. This is terribly dangerous! A system is not properly installed just after you can start it up and run programs. It's just the first part! Check the software web for the latests version, and read carefully all the documentation, configuring your tools in a educated matter.
2. Account with no password or weak passwords.
Also, with default passwords. Have you tried to install our wwwboard? Or phpnuke? Those programs come with a default password, change it inmediately! Also, never use simple passwords, mix letters and numbers, and include symbols ("?$@...) when you can.
3. Non-existent or incomplete backups
Do you save your data? How? Would you be able to recover your computer as it is now from a crash or will you lose some data? Ask yourself these questions. And then, create a backup policy, something simple, like just save the D:games directory into a CD every week, and improve from there.
4. Large number of open ports
Do you close ports? Do you know what a port is? Ports are what your system uses to contact the outer world. If you use GNU/Linux, you have a lot of open ports by default (again, default installation) which need to be closed. Stop the programs that open those ports, or ask for help.
5. Non-existent or incomplete logging
When you perform an action, like going to a web page, there should be a register somewhere that keeps that information of the address you were trying to access, along with the date and other details. Similarily, when you install a program, there should be a log with the name of the files the program is storing, where, and the status of the operation (ok, failure, whatever). The same for all kind of events. And, of course, it should be checked by you, to see what's going on in your system, and if something strange is happening (for example, an indication of accessing a web site you haven't visited)
This small list is probably enough. Do you perform all tasks above mentioned? If not, eventually you will be in trouble.
The original and much more expanded and clear list is in the <A href="http://www.sans.org/top20.htm]SANS site[/url]. Go there, have a look and learn what is needed nowadays to stay safe in the Internet. <A href="http://www.cyberarmy.com]Cyberarmy[/url] can help you with that.</FONT> |
|
This article was imported from zZine. (original author: alfer)
There are no replies to this post yet.
|