Don Philmlee

The SANS Institute has just published its annual Top 20 Internet Security Attack Targets list for 2006. As you would expect a few of the targets are against Microsoft, Unix, instant messaging and more, but suprisingly Apple’s OS X was also included (The first viruses and trojans for the Mac OS X platform were discovered in the past year). Fortunately SANS only describes ways to remediate the problems, but is kind enough to not describe how to create the security problems.  The following is their list of 20 targets:

Operating Systems

Cross-Platform Applications

• C1 Web Applications
• C2. Database Software
• C3. P2P File Sharing Applications
• C4 Instant Messaging
• C5. Media Players
• C6. DNS Servers
• C7. Backup Software
• C8. Security, Enterprise, and Directory Management Servers

Network Devices

Security Policy and Personnel

• H1. Excessive User Rights and Unauthorized Devices
• H2. Users (Phishing/Spear Phishing)

Special Section

• Z1. Zero Day Attacks and Prevention Strategies