SANS Institute's web site is one of the most useful resources to visit/use for those interested in computer security issues.

One of the recent additions to the institute's vast range of security resources on the web site is a listing of the ten most critical security threats and how to eliminate them. This is a list which is put together by an impressive range of security experts, and the list is often updated as the threats change and as elimination methods are refined.

The list involves threats on different levels and operating systems.

As hackers - similar to most other people - are lazy, they rely on the fact that many computers are not updated with vendors' security patches. As these computers are left open to well-known security flaws, hackers may target such computers instead of researching more obscure or new (unknown) security flaws. Targeting such vulnerable computers may be carried out in a automatic manner by scanning parts of the Internet for computers with particular characteristics - e.g. special open ports which are used by known backdoor programs.

System administrators on the other hand are often overwhelmed by security information and security patches. It may be difficult to see which of these that are crucial and which less important.

This list of the Ten Most Often Exploited Internet Security Flaws from SANS Institute should be an invaluable help in finding out if your systems are vulnerable to the most "popular" attacks and what to do to secure them.

It is highly recommended to visit SANS Institute's web page on the ten most critical security threats on a regular basis.

Per Olav Førland