The Top 10 Internet Security Screw Ups
by Tom Salkield - Managing Director, NetConnect - Tuesday, 25 November 2003.
With over 10 years experience of defending against Internet Security threats, Tom Salkield, Managing Director of NetConnect, has seen it all. NetConnect, part of Netstore plc, is one of founders of the UK Internet Security industry, and Tom has dealt with just about every end-user mistake, error and cock-up that you could imagine. Here we have asked him to list his current top ten Internet security screw ups. So here they are, in reverse order:

10) Failing to archive firewall log files. Firewalls are often correctly configured with full logging enabled. This tends to generate massive amounts of data, but often they are referred to only when there is a problem. However, left un-tended they can become a problem in their own right. Before you know it you have 10GB of data and a shortage of disk space. Complete system failure soon follows and often the system has to be rebuilt from scratch.

9) Not knowing where your passwords are documented. Nothing makes supporting customers more of a challenge than if they cannot remember where their passwords are documented. That is, of course, if they had correctly and securely documented them at all. Often passwords remain in the heads of administrators, and are simply shared by word of mouth. You might as well write them on a poster and display them on an office wall.

8) Not scanning emails for viruses. Without question, email borne viruses are today the biggest Internet Security threat. Fortunately most businesses and large networks have email virus scanning - either deployed in-house or using one of the growing number of managed services. Unfortunately some businesses, typically SMEs, still don't see the need, thinking that it is sufficient to deploy workstation virus products. Why let the viruses through the front door in the first place?

7) Not blocking Instant Messaging on your firewall. With Microsoft now in a big push to get people using their IM technology we are beginning to see IM clients freely deployed in businesses, mainly by users. Without proper auditing and control, IM simply opens up a porthole that can be used by the unscrupulous to disseminate viruses and worms. If you haven't thought through the challenges of allowing IM onto your network, the simplest thing to do is to block it at the firewall.

6) Depending on users to patch their own workstations. Let's face it; users are terrible at following instructions. We all know how difficult Microsoft make it for administrators to keep their products properly patched. There are tools to make life easier although it has to be said that some seem to make the task of patching more difficult. Hopefully one day MS will crack the problem, but until then, depending on users to patch reliably and regularly is a strategy destined for disaster.

5) Not having an incident response plan. All networking and security professionals know that even with the best planning in the world, something will still go wrong. It simply isn't possible, with today's complex environments, to be 100% secure. As luck would have it, the first major problem will come while you are on holiday up some remote hillside in Tuscany. Have an incident response plan, even a very simple one; at least it is a start. What are you going to do when a problem arises, who are you going to call from help and why-oh-why didn't you print if off rather than leave it stored on a fileserver which no-one can now log into?

4) Failing to disable accounts for departed employees. You would not believe how frequently HR fails to tell IT that an employee has left the business. They might, if you are lucky, remember to ask them for their mobile phone, but hey, why not let's leave all their remote access in place!


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th