Facts

Several organizations have been established during the past years to focus on the security threats arising in the Internet environment. Some of them are The Security Group at the Carnegie Melon Software Engineering Centre (CERT), System Administration, Networking and Security Institute (SANS) and U.S. DoE Computer Incident Advisory Capability (CIAC). One of the interests of the agencies were statistics related to the security attacks that take place daily.

To illustrate the rate of increase in the number of attacks relevant statistics originating from CERT's web site [8] is included in Table 3.2.1.

Table 3.1: Number of Incidents per Year

Year	1990	1991	1992	1993	1994	1995	1996
Incidents	252	406	773	1,334	2,340	2,412	2,573
Year	1997	1998	1999	2000	2001	2002	2003
Incidents	2,134	3,734	9,859	21,756	52,658	n/a	n/a

To give meaning to the striking numbers in Table 3.2.1 the following list names the top seven vulnerabilities exploited in 2001 on UNIX platforms, according to the SANS Institute [17]:

1. Buffer Overflows in RPC Services
2. Sendmail Vulnerabilities
3. BIND Weaknesses
4. R Commands (rsh, rlogin, etc.)
5. LPD (remote printing protocol daemon)
6. sadmind and mountd
7. Default SNMP Strings

The proportion of the numbers from Table 3.2.1 that can be attributed to the above vulnerabilities is roughly proportional to the percentage of UNIX servers on the Internet. And the number of affected Linux systems is proportional to the number of Linux servers among other UNIX servers. Emphasis should be placed on the fact that the number of reported incidents is very different from the actual number of incidents that occurred but were not reported or were not detected.