{"id":386,"date":"2007-12-04T19:39:58","date_gmt":"2007-12-04T17:39:58","guid":{"rendered":"http:\/\/www.mitternachtshacking.de\/blog\/386-sans-top-20-2007"},"modified":"2012-06-07T09:59:43","modified_gmt":"2012-06-07T08:59:43","slug":"sans-top-20-2007","status":"publish","type":"post","link":"https:\/\/www.mitternachtshacking.de\/blog\/386-sans-top-20-2007","title":{"rendered":"SANS Top 20 2007"},"content":{"rendered":"<p>Online for a while already but overlooked until now: the current new <a href=\"http:\/\/www.sans.org\/top20\/\">SANS Top 20<\/a> is online.<\/p>\n<p>Client-side Vulnerabilities in:<\/p>\n<ul>\n<li>C1. Web Browsers<\/li>\n<li>C2. Office Software<\/li>\n<li>C3. Email Clients<\/li>\n<li>C4. Media Players<\/li>\n<\/ul>\n<p>Server-side Vulnerabilities in:<\/p>\n<ul>\n<li>S1. Web Applications<\/li>\n<li>S2. Windows Services<\/li>\n<li>S3. Unix and Mac OS Services<\/li>\n<li>S4. Backup Software<\/li>\n<li>S5. Anti-virus Software<\/li>\n<li>S6. Management Servers<\/li>\n<li>S7. Database Software<\/li>\n<\/ul>\n<p>Security Policy and Personnel:<\/p>\n<ul>\n<li>H1. Excessive User Rights and Unauthorized Devices<\/li>\n<li>H2. Phishing\/Spear Phishing<\/li>\n<li>H3. Unencrypted Laptops and Removable Media<\/li>\n<\/ul>\n<p>Application Abuse:<\/p>\n<ul>\n<li>A1. Instant Messaging<\/li>\n<li>A2. Peer-to-Peer Programs<\/li>\n<\/ul>\n<p>Network Devices:<\/p>\n<ul>\n<li>N1. VoIP Servers and Phones<\/li>\n<\/ul>\n<p>Zero Day Attacks:<\/p>\n<ul>\n<li>Z1. Zero Day Attacks<\/li>\n<\/ul>\n<p>Web browsers and web applications at the very top are, of course, no surprise. Office has taken second place among the client-side vulnerabilities, but my impression is rather that the attackers are already moving on (e.g. QuickTime). New is item H3, unencrypted laptops and storage media. 
Let's see whether anyone at <a href=\"http:\/\/search.theregister.co.uk\/?q=ernst+young+laptop&#038;site=&#038;psite=0\">Ernst &#038; Young<\/a> takes note of that.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Online for a while already but overlooked until now: the current new SANS Top 20 is online. Client-side Vulnerabilities in: C1. Web Browsers C2. Office Software C3. Email Clients C4. Media Players Server-side Vulnerabilities in: S1. Web Applications S2. Windows Services S3. Unix and Mac OS Services S4. Backup Software S5. Anti-virus Software S6. Management Servers S7. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[9,8,10,6],"tags":[],"_links":{"self":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/posts\/386"}],"collection":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/comments?post=386"}],"version-history":[{"count":0,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/posts\/386\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/media?parent=386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/categories?post=386"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mitternachtshacking.de\/blog\/wp-json\/wp\/v2\/tags?post=386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}