SANS Institute Warns of Attack Shift
JamesAlfaro writes "SANS warned of the switch to attacks on applications and network devices in its annual publication of the Top 20 vulnerabilities on Tuesday. The annual SANS Top 20 highlights holes in software programs that are considered the most serious for security professionals. Microsoft shares the spotlight this year with Symantec Corp., Cisco Systems Inc., Oracle Corp. and others, after a year in which warnings about vulnerabilities in antivirus and computer backup software and the surprise publication of information on a hole in Cisco Systems' IOS (Internetwork Operating System) made headlines."
I don't doubt this for a second!
IMO, today's modern OSes are pretty damn secure/solid as well as stable.
The "precursor" to this 'prediction' etc./et al. might be just looking @ how tools like Outlook Express/"full" Outlook from Office have gotten abused by attachments that house virii & spam as well.
(Personally, because of that? I wouldn't call this a "breakthrough" epiphany type of thing, some utterly new concept @ all... just a rehash of an older one. What one's that? Read the novel "The Cuckoo's Egg" by Clifford Stoll. It outlines how a team of German Hacker/Cracker types under hire by the Russian KGB penetrated U.S. Military bases by abusing the buffer overflows possible in a program written by Richard Stallman of GNU fame & on UNIX systems... sound familiar to the buffer overflow exploits you hear about today?)
APK
The actual top 20 list can be found here: http://www.sans.org/top20
---- join dshield.org Distributed Intrusion Detec
But if hackers attack security software instead of other apps, maybe it means that security software actually works in protecting these
Interesting theory, but the product in question, Veritas BackupExec, is not a security product. To Symantec's credit, this is a software product they purchased, but it still has the Symantec name on it.
Bradley Holt
On Linux, I use iptables with some rate limiting rules on "NEW" connections to only allow x number of connections per y minutes from any host:
That pretty much stops any brute force attacks dead after 3 connections.
Of course, you can set up prior permit rules to allow access from known hosts at any rate if need be, and if your users screw up logging in, it's easy to remove them from the block list if it's really urgent (they could also wait 10 minutes):
echo "-123.45.67.89" > /proc/net/ipt_recent/SSHLIST
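One way to build the rule set this comment describes, as an added example (not the poster's own rules): the iptables "recent" match records each NEW SSH connection in the SSHLIST list and drops the fourth attempt from the same host within 600 seconds, with a prior permit rule for known hosts. The known-host addresses are constructed placeholders, IPT defaults to a dry-run echo so the script runs without root, and RECENT_DIR is an assumed override for the /proc path.

```shell
#!/bin/sh
# Constructed example: SSH brute-force rate limiting with the iptables recent match.
# Set IPT=iptables (as root) to apply; the default only prints the rules.
IPT="${IPT:-echo iptables}"
LIST="SSHLIST"
KNOWN_HOSTS="192.0.2.10 192.0.2.11"   # constructed placeholder addresses
# Newer kernels expose the list under xt_recent, older ones under ipt_recent.
if [ -d /proc/net/xt_recent ]; then
    RECENT_DIR="${RECENT_DIR:-/proc/net/xt_recent}"
else
    RECENT_DIR="${RECENT_DIR:-/proc/net/ipt_recent}"
fi

ssh_rules() {
    # 1. Prior permit rules: known hosts get in at any rate.
    for h in $KNOWN_HOSTS; do
        $IPT -A INPUT -p tcp --dport 22 -s "$h" -j ACCEPT
    done
    # 2. Record the source address of every new SSH connection.
    $IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m recent --set --name "$LIST"
    # 3. Drop when the host already has 3 hits in the last 600 s (the 4th is
    #    dropped). --update refreshes the timestamp, so the block lasts until
    #    10 minutes after the *last* attempt, not the first.
    $IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m recent --update --seconds 600 --hitcount 4 --name "$LIST" -j DROP
    $IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
}

# Urgent unblock: writing "-addr" removes one entry, "+addr" adds one,
# and "/" clears the whole list.
unblock_host() {
    echo "-$1" > "$RECENT_DIR/$LIST"
}

ssh_rules
```

Rule order matters: the ACCEPT for known hosts must precede the recent rules, and the final ACCEPT must come after the DROP, or the limit never applies.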