Open Source and information security mailing list archives
Date: Fri, 16 Jan 2004 23:07:35 -0500
To: Mary Landesman <>
Cc: "David F. Skoll" <>,,,,
Subject: Re: Re: January 15 is Personal Firewall Day, help the cause

On Thu, 15 Jan 2004 13:55:18 EST, Mary Landesman said:

> ubiquitous. Cisco is running a poll right now to see which of the 17
> critical patches are most important to users, because they only have the
> manpower to fix 10 of them. Should we all stop using Cisco products?

Correction 1: Cisco isn't running the poll, SANS is.

Correction 2: Patches and proper configuration guidelines *are* *available* for all 17.

Correction 3: Cisco has the manpower.  The lack of manpower is at THE END USER SITE.

This is a continuation of the SANS Top 10/Top 20 lists, where we recognize that
the average site is *NOT* going to devote the manpower to actually secure their
networks, so we create a list of "At least put in just a few hours and patch
these worst problems so you're not a TOTAL sitting duck".  The question is
basically:  We've found 17 common misconfigs that can be security problems.
If a site isn't willing to do all 17, which 10 have the best bang/buck return if
we can only get them to fix SOME of them?

(And yes, if you have more time,
has more info on hardening Cisco routers - this is for the sites that aren't going
to be that gung-ho about it.  And there's other docs at SANS and Cisco on how
to harden the routers even further if you're REALLY ambitious/concerned).

The original SANS posting:
Top Ten Cisco Security Vulnerabilities Project Update.  The project team
has identified seventeen vulnerabilities that appear to be critical.
You can help with the next step of prioritizing the 17 to help the team
select the Top 10. Then the team will develop a guide organizations can
use to protect themselves against exploits of the Top Ten. If you are
willing to help by rating the 17 candidates, send email to
with the subject Cisco Top 10.

See for an example of what we're trying to do...
