Top 25 Vulnerabilities

User Accounts and Passwords

  • Usage of easy guessable passwords
  • Usage of non-expiring passwords
  • Missing account lock threshold for wrong entered passwords
  • Existance of old test accounts with administrative privileges
  • Existance of standard accounts with high privileges and without passwords (e.g. SQL Server sa accounts)
  • Undocumented permission assignment on files and olders

Clients and Servers

  • Missing Patches and Service Packs
  • Usage of old software versions with known vulnerabilities
  • Uncontrolles USB- and Firewire-Interfaces
  • Usage of old or falsified Antivirus software
  • Missing screensavers with password authentication during reactivation of a workstation
  • Mistakes in configuration of domain- or security policies
  • Running unnecessary services (e.g. FTP, SNMP, SMTP, Web)
  • Configuration mistakes in DNS servers (e.g. zone transfers allowed)
  • Inadequate monitoring of system events
  • Inadequate or erroneous data backups
  • Erroneous or missing documentation

Webservers

  • Standard installations / configurations of web servers
  • Erroneous CGI, PHP and ASP scripts on web servers

Routing and Remote Access

  • Erroneous router configurations (ACL, RIP)
  • Unsecure and not monitored remote access points
  • Mistakes in RAS policies for RAS and VPN access

Firewalls

  • Configuration mistakes in firewall systems
  • Missing Antivirus solutions for Internet Gateways

results matching ""

    No results matching ""