May 1, 2006
The SANS/FBI Top Twenty vulnerabilities list was updated this week for the 2006 Annual Update.
http://www.sans.org/top20/?ref=1814
The reader is directed to pay particular attention to the format of this listing, which now describes, in a straight forward manner, the vulnerability category and how to address the issue. Initially, the SANS/FBI Top Twenty were just a list, and you had to tough it out to find out how to deal with them.
My interest here flares at the many configuration based vulnerabilities, and how prevalent they are in the university computing environment today. Perhaps in our universities, a basic 'security curriculum' at the baccalaureate level should be required, which would cover vulnerability and systems risk management competencies in this arena.
If you are a serious student of engineering, computer science, science, or any information technology enabled (or burdened) field (informatics), you need to have the capability of building and configuring IT research systems such that they do not become easy targets or themselves platforms for other attacks. Take a look at this SANS/FBI listing, and see what you have done in your daily computing routine to address these issues.
Don't be a victim.
Lux
Posted by Thomas Siu at 01:08 PM
