Although security has long been an issue for network and system administrators, in the wake of recent phenomena like the Code Red worm, Zombie-based distributed denial of service attacks, and the Loveletter e-mail virus, coverage of this evergreen topic has recently gained intensity. Rather than concentrating on doom and gloom, or picking up shards of fallen sky, I'd like to talk about ways to help you keep track of what's afoot in the security world, and how to close the points of entry that malefactors are most likely to try to exploit to break into your networks and systems. Along the way, we'll look at some interesting online resources, monitoring services, and lots of security-related Top 10 lists (the best of these appear in the "Sources of Security Top 10 Information" section of this article, ready for your inspection).
Uncle Sam's Internet Security "Top 10"
In June 2000, the White House coordinated what can only be called an Internet security blitz. Amidst much fanfare, and with input from top security gurus, academia, security firms, consulting groups, law enforcement agencies, security advisory groups, professional associations, and more, the Systems Administration and Network Security (SANS) Institute published what remains the best-known, most highly regarded security watch list. Called the "SANS Top Ten Most Critical Internet Security Threats," this list represents the consensus of a large number of security professionals on where real threats to Internet security lie.
As a regularly updated source of information about potential security hot spots on your systems and networks, the SANS Top Ten list is an invaluable resource. That list not only documents leading causes for concern, it also documents possible fixes, workarounds, or other ways to avoid related exposure or vulnerabilities for each item it covers. Unfortunately, because this eminent and valuable advisory list covers the Internet at large, it includes information about vulnerabilities or attacks that may or may not apply to the types of hardware and software you manage. When SANS list items are relevant, that information is great; when it's irrelevant, the best that can be said is that you can safely ignore related warnings and fixes.