The top three vulnerabilities of the Microsoft Windows operating system (OS)—in order—are Web servers and services, workstation service and Windows remote-access services, whereas the top three vulnerabilities for UNIX and Linux are the BIND domain name system (DNS), Web server and authentication, according to a study recently released by the security-oriented SANS Institute. The list, available at the organization’s Web site, was put together by experts from government agencies in the United Kingdom, the United States and Singapore; leading security software vendors and consulting firms; some of the top university-based security programs; and SANS.
“I agree with the ranking on low-level technical groupings, but it’s less from a technological basis than it is from a market understanding,” said Chuck Adams, chief security officer of Austin, Texas-based NetSolve Inc., which delivers remote management services for IT infrastructure. “There’s literally tens of thousands of these single-point vulnerabilities. They continue to show up in these operating systems and applications and information technology systems of any type.”
The vulnerabilities listed in the survey directly correlated with rate of use, Adams said. “Web servers and services being ranked number one (for Windows) isn’t surprising to me. It’s sort of a frequency assumption that we’ll see more vulnerability issues or challenges with a more extensively used operational capability.”
Adams added that the biggest vulnerability any OS user faces today is not technical in nature, but rather is based on a general mindset about IT security. “There’s a macro-level vulnerability in Corporate America and…