Fixing the FBI's 'Top 20' security flaws isn't enough
Like a good sun-block lotion, the SANS/FBI recommendations for keeping these 20 vulnerabilities covered vastly lower (but don't eliminate) your chances of getting "burned." The 20 items represent the weaknesses most frequently exploited by Internet-based attackers, and fixing them should be a mandatory second step for all enterprises in an Internet security program.
Appendix A of the list provides advice that should be the first step: Enterprises should block all unnecessary ports and services at the enterprise firewall and open only those required for business. Although Appendix A lists the most dangerous ports that should almost always be closed, Gartner believes that "deny all that is not expressly permitted" should be the mantra for Internet security.