If It Ain't Broke See If It's Fixed

Tuesday, 17 December 2002, 3:38 AM EST

Many administrators are already overworked with other system administration tasks or keeping a system up and running. Also, administering in a large network environment with a small computer staff doesn't help the issue of keeping systems secure. Attackers know that and are actively exploiting it.

The availability of attack tools and people posting bugs in software only puts an urgency on keeping systems secure. In his book Secrets and Lies Bruce Schneier stated very simply that the Internet is "...a perfect medium for propagating successful attack tools. Only the first attacker has to be skilled; every one else can use his software."(Schneier) The availability of the Internet today is a blessing and a curse (though only a small portion is a curse). The blessing is that for each exploit of a well-known vulnerability there are a lot more resources on how to fix these problem. SANS has a Top-Twenty List of the most common security vulnerabilities and what to do to fix each one. In cooperation with some commercial and open source organizations there are tools to help identify these vulnerabilities and documentation on how to fix these problems or mitigate the risks. The SANS list will help the overworked admins to identify and fix those vulnerabilities. The SANS lists and recommendations won't prevent attackers from compromising your servers but help minimize the risk of the most common attacks and it will make you AWARE. Awareness is critical on the part of the admins and users.

[ Read more ]




Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //