On Thu, 15 Jan 2004 13:55:18 EST, Mary Landesman said: > ubiquitous. Cisco is running a poll right now to see which of the 17 > critical patches are most important to users, because they only have the > manpower to fix 10 of them. Should we all stop using Cisco products? Correction 1: Cisco isn't running the poll, SANS is. Correction 2: Patches and proper configuration guidelines *are* *available* for all 17. Correction 3: Cisco has the manpower. The lack of manpower is at THE END USER SITE. This is a continuation of the SANS Top 10/Top 20 lists, where we recognize that the average site is *NOT* going to devote the manpower to actually secure their networks, so we create a list of "At least put in just a few hours and patch these worst problems so you're not a TOTAL sitting duck". The question is basically: We've found 17 common misconfigs that can be security problems. If a site isn't willing to do all 17, which 10 have the best bang/buck return if we can only get them to fix SOME of them? (And yes, if you have more time, http://www.cisecurity.org/bench_cisco.html has more info on hardening Cisco routers - this is for the sites that aren't going to be that gung-ho about it. And there's other docs at SANS and Cisco on how to harden the routers even further if you're REALLY ambitious/concerned). The original SANS posting: --- Top Ten Cisco Security Vulnerabilities Project Update. The project team has identified seventeen vulnerabilities that appear to be critical. You can help with the next step of prioritizing the 17 to help the team select the Top 10. Then the team will develop a guide organizations can use to protect themselves against exploits of the Top Ten. If you are willing to help by rating the 17 candidates, send email to info@sans.org with the subject Cisco Top 10. --- See http://www.sans.org/top20/ for an example of what we're trying to do...
Attachment:
pgp00031.pgp
Description: PGP signature