SANS: Top Internet Attack Trends and Targets in 2006

In November 2006, the System Administration, Networking, and Security (SANS) Institute issued its annual update on the most important new vulnerabilities that attackers are actively exploiting to take over computers and obtain sensitive and valuable information. SANS identified six major attack trends at the end of 2006. They are listed below, along with some possible countermeasures you can take to defend against the listed vulnerabilities:

| SANS 2006 Attack Trend | Countermeasures to Attack |
| --- | --- |
| 1. Surge in zero-day vulnerabilities and attacks that go beyond Internet Explorer to target other Microsoft software | Check Point provides zero-day protection through its SmartDefense intrusion prevention technologies found in all products. By understanding how applications are supposed to behave, SmartDefense is able to detect previously unknown malicious attacks. |
| 2. Rapid growth in attacks exploiting vulnerabilities in ubiquitous Microsoft Office products such as PowerPoint and Excel | With UTM functionality built into VPN-1 UTM and UTM-1 Edge, administrators can detect viruses coming across common attack vectors such as email, FTP, or the Web. Using SmartDefense, organizations can control instant messaging and peer-to-peer networks, two other common attack vectors. And if malicious code attempts to modify a program, Integrity detects this and blocks it from spreading. |
| 3. Continuing growth in targeted attacks | The Check Point family of security solutions provides protection against the latest attacks through SmartDefense Services. |
| 4. Evidence of much greater penetration of military and government contractor sites using spear-phishing attacks, likely heralding a spread to target other types of organizations | Web Intelligence, a module for VPN-1 and a technology included with Connectra, prevents cross-site scripting, a common technique used in phishing. |
| 5. Voice over Internet Protocol (VoIP) attacks used now to make money by reselling minutes and potentially for injection of misleading messages and even for creating massive outages in the old phone network | VPN-1 products provide a deep level of understanding for VoIP protocols from multiple vendors. For example, they can detect call fraud, such as when a caller terminates billing but continues the conversation, as well as provide VoIP Denial of Service prevention by providing an upper threshold on new sessions per second. |
| 6. Massive and still increasing exploits of vulnerabilities in Web applications | SmartDefense intrusion prevention, working in conjunction with Web Intelligence, enables companies to protect their Web applications and receive the latest defenses through SmartDefense Services. Connectra provides SSL VPN access to Web applications while providing the same level of protection found in VPN-1 gateways. |

See the SANS Institute press update for expert analysis on these trends.

Top-20 Internet Security Targets for 2006*

The SANS Top-20 2006 is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts and includes systematic instructions and pointers to additional information useful for correcting the security flaws:
  1. Internet Explorer
  2. Windows Libraries
  3. Microsoft Office
  4. Windows Services
  5. Windows Configuration Weaknesses
  6. Mac OS X
  7. UNIX Configuration Weaknesses
  8. Web Applications
  9. Database Software
  10. P2P File Sharing Applications
  11. Instant Messaging
  12. Media Players
  13. DNS Servers
  14. Backup Software
  15. Security, Enterprise, and Directory Management Servers
  16. VoIP Servers and Phones
  17. Network and Other Devices Common Configuration Weaknesses
  18. Excessive User Rights and Unauthorized Devices
  19. Users (Phishing/Spear Phishing)
  20. Zero Day Attacks and Prevention Strategies

*Source: SANS Top-20 Internet Security Attack Targets (2006 Annual Update), SANS Institute, November 2006.