Security, Enterprise, and Directory Management Servers Attacks - Best Security Tips offers daily news, information, advices and tips about spyware, adware, viruses, trojans, web vulnerabilities, hackers, other threats    | Register now | Login
   
TIPS NEWS TOOLS DOWNLOADS MALWARE FORUM BOOKS FREE MAGAZINES FREE WEBCASTS & VIDEOS
GFI LANguard Network Security Scanner - Dld 30-day trial! del.icio.us  digg  Furl  NewsVine  Spurl  Blinklist  Ma.gnolia  Reddit  Tailrank  YahooMyWeb 
Best Tips
3 Simple Facebook Securi...
Back to School Security ...
Top 10 Current Security ...
Ten Commandments for You...
Users (Phishing/Spear Ph...
Beware of Instant Messag...
Watch that Linux Login !
Easy Steps to Safeguard...
Web Application Security...
How To Setup Xbox 360 Fi...
Security Scanner
Security Categories
 1. Adware/Spyware
 2. Antivirus
 3. Firewall
 4. Phishing
 5. Linux Security
 6. Windows Security
 7. Security Incidents
 8. Web Security
 9. P2P Security
Advertise With Us!
Latest Viruses / Threats
Vuln: Radiance Insecure Temporary File Creation Vulnerabilities
2008/9/24 0:00:00
Vuln: Debian rancid-util 'getipacctg' Insecure Temporary File Creation Vulnerability
2008/9/24 0:00:00
Vuln: Debian rccp Insecure Temporary File Creation Vulnerability
2008/9/24 0:00:00
Troj/Banc-D
2008/9/5 14:13:39
Troj/Dloadr-BSI
2008/9/5 14:13:39
Downloads
 0.Fx MPEG Suite
 1.Daniusoft Video to MP4 Converter
 2.iProtectYou
 3.Deep Ball Defender
 4.Amazing Parrots Screensaver
 5.FlashCam Rebroadcasting server
 6.MysqlDataBackupTool
 7.Photo-Paint 9 script converter
 8.Fast PDF converter
 9.Apex iPod Video Converter Home Edition
Security News
iSekurity Releases I...
4.2 Million Credit C...
Free Trustix Linux E...
Web Browser is the N...
CA’s Web Site Hacked...
Beware of Holidays I...
Vista is the 2008 ha...
Symantec Mobile Secu...
New bug found in Mad...
Web Mafia Hits Every...
RSS / Atom Feeds
SANS Top-20 Internet Security Attack Targets: Security, Enterprise, and Directory Management Servers Attacks (1/2)  
Author: Max : 2006/11/23 Printer Friendly Page Tell a Friend
Security, Enterprise, and Directory Management Servers Attacks 
C8.1 Description

Applications such as on-server virus and spam filters, directory servers, and management and monitoring systems pose a unique security challenge; in addition to compromising the system hosting them, they provide opportunities to attack other systems.

C8.2 Applications Affected

These applications can be divided into multiple categories:


  • Directory Servers - Used to maintain user and system information. Compromising these applications can give access to large amounts of information, including usernames and (possibly encrypted) passwords.


  • Monitoring Systems - Used to monitor various other systems. These applications often have user accounts on monitored clients, allowing an attacker easy access to client systems.


  • Configuration and Patch Systems - These systems are used to maintain client configurations and patches. Compromising these systems provides an easy path to further distribute malware.


  • Spam and Virus Scanners - Vulnerabilities in these systems can often be exploited with little or no user interaction, by simply sending a specially-crafted email message. Once compromised, attackers can more easily send spam and virus-containing emails. Additionally, these systems often contain vital information, such as users' mailboxes.




These applications tend to run on a variety of operating systems, including common systems such as Microsoft Windows or Solaris, and rarer systems like HP-UX and Novell Netware.

C8.3 CVE Entries

CVE-2006-5478, CVE-2006-4509, CVE-2006-4510, CVE-2006-4177, CVE-2006-2496, CVE-2006-0992, CVE-2005-3653, CVE-2005-1928, CVE-2005-1929


C8.4 How to Determine If You Are at Risk


  • Use a vulnerability scanner.

  • Track vendor security announcements.



C8.5 How to Protect Against These Vulnerabilities


  • Keep the systems updated with all the latest patches and service packs. if provided, use an automatic update system.

  • Use Intrusion Prevention/Detection Systems to prevent/detect attacks exploiting these vulnerabilities.

  • Ensure that only authorized users and systems have access to the affected systems.
 Page: 1 2 

Return to Category | Return To Main Index
Identity Theft Protection Services :
LifeLock Identity Theft Prevention Solution
Veracity Credit Optimization Services
Equifax Credit Watch
 Free Credit Report
Identity Truth
Privacy Matters 123



 

HOME | NEWS | SECURITY BLOG | TOOLS | DOWNLOADS | SECURITY BOOKS | TIPS | SITEMAP | TERMS AND CONDITIONS | INTERNET SECURITY SEARCH ENGINE | ADVERTISE ON THIS SITE | CONTACT
Nov '07 | Dec '07 | Jan '08 | Feb '08 | Mar '08 | Apr '08 | May '08 | Jun '08 
Best Security Downloads offers 4000+ free and free to try security downloads