FBI's Top 20 web security tips

by James Middleton, vnunet.com

02 Oct 2001

The FBI has teamed up with security watcher the Sans Institute to provide fixes for the 20 worst security threats on the internet.

According to the organisations, the Top 20 list is valuable because the majority of successful attacks on computer systems via the internet use exploits detailed on this list.

From Code Red and Nimda, through to the Solar Sunrise Pentagon hacking incident, all the attacks were successful because they exploited unpatched vulnerabilities on this list.

"These few software vulnerabilities account for the majority of successful attacks simply because attackers are opportunistic, taking the easiest and most convenient route," said Sans.

"They exploit the best-known flaws with the most effective and widely available attack tools. They count on organisations not fixing the problems, and they often attack indiscriminately, scanning the internet for any vulnerable systems," the Institute added.

The FBI and Sans hope that, by offering advice and fixes on a plate, users will be prompted to patch their systems before the next crisis appears.

A brief rundown of the current list, which will be updated as new vulnerabilities are exposed, is as follows:

  • Default installation of operating systems and applications
  • Weak passwords
  • Incomplete backup of data
  • Unneeded ports left open
  • Packets not filtered for correct incoming and outgoing addresses
  • Incomplete logging of network activity
  • Vulnerable Common Gateway Interface programs
  • Windows: vulnerability in the Unicode Standard allowing web servers to be hacked through a faulty URL
  • Internet Services Application Programming Interface buffer overflows
  • Internet Information Server Remote Data Services exploits
  • Unprotected networking shares
  • Null session connections
  • Weak default password protection in LAN Manager
  • Unix: buffer overflow in remote procedure call services
  • Sendmail vulnerabilities
  • Berkeley Internet Name Domain weaknesses
  • R command weakness for connecting to remote systems
  • Remote print control daemon
  • Sadmind and mountd buffer overflows
  • Default Simple Network Management Protocol settings.

The Top 20 virus scanner and fixes can be obtained free from the Sans Institute website.
