If you want to prevent your business from being decimated by the next Code Red or Nimda worm, then it's time to check your systems. This is the message from the SANS (SysAdmin, Audit, Network, Security) Institute and top government officials on both sides of the Atlantic, who today unveiled the latest list of the world's top 20 Internet security vulnerabilities.
So, what should you be looking out for? In the Windows world, Web servers are most at risk, closely followed by workstations and remote access services. It's a similar story in the Unix arena, where Web servers are also particularly vulnerable to external threats.
The challenge for both Unix and Windows users is how to securely install a major application as well as all the support applications that make it work. Rick Fleming, CTO at San Antonio-based security specialist Digital Defense (Nasdaq: MSFT), is not at all surprised by the SANS Institute's findings. "It's a fairly large headache [for users]," he says. "The latest version of Office 2003 is a great product but if your firewall is not configured correctly, or your SQL 2003 database is not configured correctly, you will have vulnerabilities."
As far as Web servers are concerned, the Institute warns users to pay particular attention to default installations of HTTP servers and other components used for serving HTTP requests. Failure to keep patches up to date could result in a denial of service (DoS) or even exposure of sensitive files.
The top five Windows vulnerabilities are: