My next class:

SANS releases new Cyber Security Risk Report

Published: 2009-09-15. Last Updated: 2009-09-15 14:05:11 UTC
by Johannes Ullrich (Version: 1)
2 comment(s)

SANS today released a new Cyber Security Risks report. The report used data from Tippingpoint, Qualys, the Internet Storm Center and input from SANS faculty like Ed Skoudis and Rob Lee.

Some of the key findings include that operating systems are for the large part less and less of a problem. There are few attacks against the operating system itself, and patching has become pretty robust when it comes to the operating system and its core components. However, third party applications (think Adobe, Java, Quicktime) are a big problem, and they are usually not well covered by existing controls.

On the server side, web applications are of course the big entry point for an attacker. In particular the combination of vulnerable web applications and vulnerable client software is frequently used to inject a client exploit into a web application in order to pivot and attack inside the attacked network.

The report includes case studies of actual attacks to underline these points.

For details, see http://www.sans.org/top-cyber-security-risks

 

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: risk sans
2 comment(s)
My next class:

Comments

Nice report!
Reading up on the Applicatin Patching part, I though "How about I go through the "Add or Remove Programs" on XP / whatever flavour & see to which page you are redirected to find the latest update."
Results:
- Lot of times to some dev page(java, j2se)
- The version on pc (9.1.3: adobe reader) is not the same as on the update page (9.1).
- The redirection to the page is not even to the update page (apple goes to apple.com/macosx)...
- On the page you can't find the update (java.sun.com)
- Macromedia flashplayer 8.0.24.0 goes to troubleshooting page on adobe (confusing).
- Lots of times there is still different versions installed. (MS .NET framework 1.1, 1.1 hotfix(KB928366), 2.0 SP1, 3.0 SP1, 3.5 & firefox 3.0.12, 3.5, 3.5.3).
- No link to an update (page) MS Office (Communicator 2005, Excel viewer, (Live meeting seems to be kind of OK), All other MS installs (!).
- OpenOffice may be OK, no seperate updates or patches.
- Opera goes to latest version page.
- Sometimes there is no extra information at all. Sometimes not to an updates page.
- Wireshark seems to be doing ok.

Is anyone /group pressing vendors to fix this? What are some other good/ bad examples. It's the small steps that make great differences.
Nice report!
Reading up on the Applicatin Patching part, I though "How about I go through the "Add or Remove Programs" on XP / whatever flavour & see to which page you are redirected to find the latest update."
Results:
- Lot of times to some dev page(java, j2se)
- The version on pc (9.1.3: adobe reader) is not the same as on the update page (9.1).
- The redirection to the page is not even to the update page (apple goes to apple.com/macosx)...
- On the page you can't find the update (java.sun.com)
- Macromedia flashplayer 8.0.24.0 goes to troubleshooting page on adobe (confusing).
- Lots of times there is still different versions installed. (MS .NET framework 1.1, 1.1 hotfix(KB928366), 2.0 SP1, 3.0 SP1, 3.5 & firefox 3.0.12, 3.5, 3.5.3).
- No link to an update (page) MS Office (Communicator 2005, Excel viewer, (Live meeting seems to be kind of OK), All other MS installs (!).
- OpenOffice may be OK, no seperate updates or patches.
- Opera goes to latest version page.
- Sometimes there is no extra information at all. Sometimes not to an updates page.
- Wireshark seems to be doing ok.

Is anyone /group pressing vendors to fix this? What are some other good/ bad examples. It's the small steps that make great differences.

Diary Archives