10 Common Security Holes
Common security breaches by IT and business professionals - not just an attacker's expertise - contribute to the success of computer break-ins, the SANS Institute said on 1 June 2000.
The security group released its Top 10 lists of Internet threats and mistakes made by information technology professionals and company executives.
SANS is a think tank that works with system and network administrators and security professionals in government, business and academia to share security information and solutions.
SANS found the 10 worst security mistakes IT people make are:
2. Connecting test systems to the Internet with default accounts/passwords
3. Failing to update systems when security holes are found
4. Using telnet and other unencrypted protocols for managing systems, routers, firewalls, and PKI
5. Giving passwords over the phone or changing user passwords in response to telephone or personal requests when the requester is not authenticated
6. Failing to maintain and test backups
7. Running unnecessary services, especially ftpd, telnetd, finger, rpc, mail, rservices
8. Implementing firewalls with rules that don't stop malicious or dangerous traffic -- incoming or outgoing
9. Failing to implement or update virus-detection software
10. Failing to educate users on what to look for and what to do when they see a potential security problem
Mistakes by senior executives also add to security vulnerabilities, SANS said, including:
IT security is not just a technological issue – it should be a key business objective. With the growth in e-commerce, security may provide a real competitive advantage.
Images and content are copyright to Cipher-IT Ltd