In your opinion, what are the most important things an administrator has to do in order to keep a network secure?
Although it's mundane, keeping systems patched is the single most important thing an admin can do. They have to read the latest vulnerabilities, get patches, test the patches, apply them to the systems, and then verify their systems. It's a lot of work, and tends to be somewhat mindless, but it's essential!
After that, admins need to know how to check their systems for anomalous activities. They need to understand how to detect sniffers, rootkits, backdoors, and other tools used by the bad guys.
What is, in your opinion, the biggest challenge in protecting sensitive information at the enterprise level?
The overwhelming flood of patches to fix vulnerabilities is very difficult to deal with. We actually have data glut, with a constant flow of vulnerability notices, threat indications, attack detection, and so on. It's hard keeping up with all of this information, and figuring out what is really important.
What are your future plans? Any exciting new projects?
I'm working on another book. This next tome will be more focused on specific attacks than the last one. I'm pretty excited about it.
Additionally, I write monthly "Crack the Hacker" challenges to test readers' knowledge of handling various computer attack scenarios. I write up a scenario based on some movie theme, and pose various questions at the end. So far, I've written Spider-Hack, Hack to the Future, How the Grinch Hacked Christmas, and many others. They are located at counterhack.net.