One of the most pressing needs for any security administrator is to understand which are the greatest threats facing
his organization. Any tactician (and security people are nothing if not tacticians) must know what his enemy is likely to do. Understanding capabilities is important, of course, but this is in the field of what could happen. Understanding likelihoods, on the other hand, turns ordinary intelligence gathering on the adversary into probably courses of action, and suggests countermeasures that should be taken to thwart likely threats.
But how are you to find out what people are likely to do? Well, one of the best ways is to study what's been done in the past and deduce from that study which weaknesses that have been exploited before you're vulnerable to. These would be the most likely areas that you should bring up to speed first. Then you can concentrate on the less likely avenues of attack that hackers and crackers see in your enterprise setup.
A good source for such information is the SANS (SysAdmin, Audit, Network, Security) Institute's list of the top 20 vulnerabilities. SANS, established in 1989, is an organization dedicated to allowing security professionals and others to learn from each other and share their understanding of security issues. SANs and the Federal Bureau of Investigation team up to come up with the annual SANS/FBI list of top 20 vulnerabilities.
This year's list, released in October of 2002, lists ten vulnerabilities each for Windows systems and for Unix systems (so you thought you were secure because you're running Unix). Topping the Windows list is IIS. Number two on the Unix list is Apache. But there are others, along with explanations of how hackers and crackers can exploit these vulnerabilities to your detriment.
Knowing your adversary can save you a lot of headaches. An ounce of prevention, after all, is worth a pound of cure.
About the author
David Gabel is the executive technology editor of TechTarget Inc.