syslog

The SANS Institute recently released its annual list of the Top 20 Internet Security Attack Targets. The listed vulnerabilities are as follows:

Operating Systems

W1. Internet Explorer
W2. Windows Libraries
W3. Microsoft Office
W4. Windows Services
W5. Windows Configuration Weaknesses
M1. Mac OS X
U1. UNIX Configuration Weaknesses

Cross-Platform Applications

C1. Web Applications
C2. Database Software
C3. P2P File Sharing Applications
C4. Instant Messaging
C5. Media Players
C6. DNS Servers
C7. Backup Software
C8. Security, Enterprise, and Directory Management Servers

Network Devices

N1. VoIP Servers and Phones
N2. Network and Other Devices Common Configuration Weaknesses

Security Policy and Personnel

H1. Excessive User Rights and Unauthorized Devices
H2. Users (Phishing/Spear Phishing)

Special Section

Z1. Zero Day Attacks and Prevention Strategies

You can read detailed descriptions along with tips for protecting your system from attacks targeting these vulnerabilities at the SANS Web site: http://www.sans.org/top20/.

Also, this month here at Sys Admin we say good-bye to our managing editor, Rikki Kite, who is leaving the publication to pursue a graduate degree and other opportunities. Rikki has been with Sys Admin for almost 7 years and has been a great asset to the magazine because of her fun-loving spirit and creativity as well as her competence and resourcefulness. We wish Rikki success in all things, and we will miss her.

Until we find a new managing editor for the magazine, Hal Pomeranz and I will be handling the author correspondence, so if you have an idea for an article, please send your proposal or manuscript to SAeditors@cmp.com. Currently, we're looking for articles on backup and recovery, clustering, database management, and networking, and we look forward to hearing from you.

Sincerely yours,

Amber Ankerholz
Editor in Chief