The Ten Worst Security Mistakes Information Technology People Make...
1. Connecting systems to the Internet before hardening them
(removing unnecessary services and patching necessary ones).
2. Connecting test systems to the Internet with default
accounts/passwords.
3. Failing to update systems when security vulnerabilities are
found and patches or upgrades are available.
4. Using telnet and other unencrypted protocols for managing
systems, routers, firewalls, and PKI.
5. Giving users passwords over the phone or changing user passwords
in response to telephone or personal requests when the requester is
not authenticated.
6. Failing to maintain and test backups.
7. Running unnecessary services, especially ftpd, telnetd, finger,
rpc, mail, rservices.
8. Implementing firewalls with rules that allow malicious or
dangerous traffic - incoming or outgoing.
9. Failing to implement or update virus detection software.
10. Failing to educate users on what to look for and what to do
when they see a potential security problem.
--according to the SANS Institute
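Items 1 and 7 both come down to one check a practitioner can script: what is actually listening on the host, and is any of it on the list of services that should not be exposed? The following POSIX sh audit is an added example, not part of the SANS list or its text. It reads lines in the format of `ss -tuln` (Netid, State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port) and flags the ports belonging to the services item 7 names (ftpd, telnetd, finger, rpc/portmapper, mail, rservices). The port-to-service table and the sample `ss` output are constructed for the example; the function names are mine.

```shell
#!/bin/sh
# Added example, not from the SANS list: flag listeners that correspond to
# the "unnecessary services" in items 1 and 7.  Real use:
#     ss -tuln | flag_risky_listeners
# (add -p to ss to see which process owns each socket).

# Port-to-service table (constructed for this example).  512-514 are the
# rservices (rexec, rlogin, rsh); 111 is rpcbind/portmapper; 25 is SMTP.
# Prints the service name and returns 0 for a risky port, 1 otherwise.
risky_service_name() {
    case "$1" in
        21)  echo "ftpd" ;;
        23)  echo "telnetd" ;;
        25)  echo "mail (smtpd)" ;;
        79)  echo "fingerd" ;;
        111) echo "rpc (portmapper)" ;;
        512) echo "rexecd" ;;
        513) echo "rlogind" ;;
        514) echo "rshd" ;;
        *)   return 1 ;;
    esac
}

# Read `ss -tuln` style lines on stdin.  For every listener on a risky
# port print "proto port service".  Returns 0 if anything was flagged,
# 1 if the host is clean, so it can gate a hardening checklist.
flag_risky_listeners() {
    found=0
    while read -r netid state recvq sendq local peer rest; do
        [ "$netid" = "Netid" ] && continue          # skip the header line
        # Local address may look like 0.0.0.0:23, [::]:23, *:23 or
        # 127.0.0.1:25; the port is whatever follows the last colon.
        port="${local##*:}"
        case "$port" in
            ''|*[!0-9]*) continue ;;                # not a numeric port
        esac
        if name=$(risky_service_name "$port"); then
            printf '%s %s %s\n' "$netid" "$port" "$name"
            found=1
        fi
    done
    [ "$found" -eq 1 ]
}

# Number of risky listeners in a captured `ss -tuln` output passed as $1.
count_risky_listeners() {
    printf '%s\n' "$1" | flag_risky_listeners | grep -c .
}

# Constructed sample output; a real host would be audited with ss directly.
SAMPLE_SS_OUTPUT='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:23        0.0.0.0:*
tcp   LISTEN 0      5      127.0.0.1:25      0.0.0.0:*
tcp   LISTEN 0      128    [::]:111          [::]:*
tcp   LISTEN 0      128    0.0.0.0:443       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:111       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:513       0.0.0.0:*'

# Run the audit against the sample: flags telnet, smtp, rpc (tcp and udp)
# and rlogin; ssh on 22 and https on 443 are left alone.
printf '%s\n' "$SAMPLE_SS_OUTPUT" | flag_risky_listeners \
    || echo "no risky listeners found"
```

The SMTP listener on 127.0.0.1 is still reported: a loopback-only mail daemon is lower risk but still a service to justify or remove before the host goes on the Internet, which is the point of item 1. Anything the script flags should be disabled at the service manager, not merely blocked at the firewall, since item 8 treats firewall rules as a second layer rather than a substitute for hardening.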