SANS/FBI Top 20 Vulnerability Test Suite
On Oct 1, 2002, SANS and the FBI jointly published a list of the 20 most important Internet security vulnerability categories, ten for Unix and ten for Windows systems. SecuritySpace's security vulnerability suite includes tests for most of these categories. The following tables list the categories and whether we can test for them.
| Unix Vulnerability Categories | Tested |
| --- | --- |
| Remote Procedure Calls (RPC) | Yes |
| Apache Web Server | Yes |
| Secure Shell (SSH) | Yes |
| Simple Network Management Protocol (SNMP) | Yes |
| File Transfer Protocol (FTP) | Yes |
| R-Services -- Trust Relationships | Yes |
| Line Printer Daemon (LPD) | Yes |
| Sendmail | Yes |
| BIND/DNS | Yes |
| Accounts with No Passwords or Weak Passwords | Yes |
| Windows Vulnerability Categories | Tested |
| --- | --- |
| Internet Information Services (IIS) | Yes |
| Microsoft Remote Data Services | Yes |
| Microsoft SQL Server | Yes |
| NETBIOS -- Unprotected Windows Networking Shares | Yes |
| Anonymous Logon -- Null Sessions | Yes |
| LAN Manager Authentication -- Weak LM Hashing | No (see note 1) |
| Accounts with No Passwords or Weak Passwords | Yes |
| Internet Explorer | No (see note 2) |
| Remote Registry Access | Yes |
| Windows Scripting Host | No (see note 3) |
1. LanMan (LM) hashes are weak because they are unsalted and are computed from the password uppercased and split into two independent 7-character halves, so password crackers can recover easily guessed passwords with dictionary attacks against each half separately. The SecuritySpace Audit suite, as a policy decision, does not run password cracking tools against either Unix or Windows systems during the course of an audit.
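To make note 1 concrete, the following is an added illustration written for this page, not SecuritySpace's audit code. The real LM scheme uppercases the password, pads or truncates it to 14 bytes, splits it into two 7-byte halves and uses each half as a DES key to encrypt the constant `KGS!@#$%`. Python's standard library has no DES, so `half_hash()` below substitutes SHA-256 as a stand-in one-way function (an assumption of this example); the structural properties the attack exploits (uppercasing, the 14-byte limit, two unsalted halves hashed independently) are kept. The wordlist and the target password `Dragon2024` are constructed for the demonstration.

```python
"""Why weak LM hashing falls to dictionary attacks: each 7-byte half is cracked on its own.

Added illustration, not SecuritySpace code. DES_half(KGS!@#$%) is replaced by a
SHA-256 stand-in because the standard library has no DES; everything else mirrors
the real scheme's structure.
"""
import hashlib
import itertools
import string
from typing import Iterable, Iterator, Optional, Tuple

LM_MAGIC = b"KGS!@#$%"                               # the real LM constant, kept for fidelity
HALF_LEN = 7
ALPHABET = string.ascii_uppercase + string.digits    # search space for the brute-force phase


def lm_halves(password: str) -> Tuple[bytes, bytes]:
    """LM normalisation: uppercase, truncate/pad to 14 bytes, split into two 7-byte halves."""
    raw = password.upper().encode("latin-1", "replace")[: 2 * HALF_LEN]
    raw = raw.ljust(2 * HALF_LEN, b"\x00")
    return raw[:HALF_LEN], raw[HALF_LEN:]


def half_hash(half: bytes) -> str:
    """Stand-in for DES_half(KGS!@#$%) (assumption: SHA-256 here): unsalted, 8 bytes, hex."""
    return hashlib.sha256(half + LM_MAGIC).digest()[:8].hex().upper()


def lm_like_hash(password: str) -> str:
    """Two independent half-hashes concatenated, exactly as LM stores them."""
    first, second = lm_halves(password)
    return half_hash(first) + half_hash(second)


# Hash of an all-null half. Every attacker recognises it: in real LM it is
# AAD3B435B51404EE; here it is whatever the stand-in produces.
EMPTY_HALF = half_hash(b"\x00" * HALF_LEN)


def password_is_short(lm_hash: str) -> bool:
    """Second half equal to the null-half hash means the password is at most 7 characters."""
    return lm_hash[16:] == EMPTY_HALF


def half_candidates(wordlist: Iterable[str]) -> Iterator[bytes]:
    """Candidate halves, cheapest first: the empty half, dictionary words with an
    optional trailing digit, then exhaustive search over short strings."""
    yield b"\x00" * HALF_LEN
    for word in wordlist:
        for suffix in [""] + list(string.digits):
            yield lm_halves(word + suffix)[0]
    for length in range(1, 4):                        # lengths 1..3 over 36 symbols: ~48k trials
        for chars in itertools.product(ALPHABET, repeat=length):
            yield lm_halves("".join(chars))[0]


def crack_lm_like(lm_hash: str, wordlist: Iterable[str]) -> Optional[str]:
    """Attack each half independently and stitch the recovered halves together.

    The attacker never enumerates the full 14-byte password: the first half can come
    from the dictionary while the second half is brute-forced, or vice versa."""
    targets = [lm_hash[:16], lm_hash[16:]]
    found: list = [None, None]
    for cand in half_candidates(wordlist):
        digest = half_hash(cand)
        for i, target in enumerate(targets):
            if found[i] is None and digest == target:
                found[i] = cand
        if None not in found:
            break
    if None in found:
        return None
    return (found[0] + found[1]).rstrip(b"\x00").decode("latin-1")


def split_advantage(alphabet_size: int = len(ALPHABET)) -> int:
    """Worst-case trials for one 14-symbol search divided by two independent 7-symbol searches."""
    return alphabet_size ** (2 * HALF_LEN) // (2 * alphabet_size ** HALF_LEN)


if __name__ == "__main__":
    words = ["password", "dragon", "monkey"]          # constructed mini wordlist
    target = lm_like_hash("Dragon2024")               # normalises to "DRAGON2" + "024" + nulls
    print(password_is_short(lm_like_hash("Secret1")))  # True: second half is all nulls
    print(crack_lm_like(target, words))               # DRAGON2024 (LM discards case)
    print(split_advantage())                          # 36**7 / 2 fewer trials in the worst case
```

Two things a practitioner takes from this: a recognisable constant in the second half reveals that a password is seven characters or fewer, and a ten-character password is recovered as a dictionary word plus a three-character brute force rather than a ten-character search. Because LM discards case, a real cracker then tries case variants of the recovered string against the NT hash.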
2. Internet Explorer weaknesses are typically exploited by tricking users into visiting malicious web pages. Browser weaknesses, as a whole, apply only to systems where a user is actively browsing the web; they cannot be tested for remotely without the user's cooperation (in the form of asking the user to visit a particular web page). SecuritySpace audits do not include any browser tests, regardless of the browser type.
3. Windows Scripting Host attacks are likewise browser and email based: malicious content is delivered to the user's system by email or while the user browses the web. The "Love Bug" worm is an example of a scripting attack. SecuritySpace audits do not include this class of tests, because whether a user is susceptible to these attacks cannot be determined remotely without the user's cooperation during the test.
Note: The tests for the SANS/FBI list are just a subset of our existing and growing suite of 150627 vulnerability tests, with new tests added on a weekly basis. The complete vulnerability suite is listed below.
SecuritySpace's Vulnerability Suite

Reports

- identify and label the vulnerabilities from the "SANS/FBI Top 20 Vulnerabilities" report
- provide detailed and comprehensive information on the vulnerabilities and open ports found, along with the steps to fix them
- include a complete list of the vulnerability tests executed during the audit, ordered by severity and category
- include CVE identifiers and references to over 10,000 on-line resources and advisories
- prioritize the vulnerabilities found by severity and category
- let you add your own notes, so reports can be used as a working document
Pricing

Other info

- To compare the features of our audit products, see our comparison chart.
- To audit an IP address other than the one you are browsing from, you must first confirm your ownership of that IP via our on-line form.

Order Now

To order an audit, you need to log in as a registered user. Please fill in the appropriate form below (after a successful login, the order form will be presented).