Don't leave holes in your patching policies
If the IT industry was subject to the same restrictions as the car industry, the number of equipment recalls would be so huge that many companies would go out of business.
Bugs are an inevitable problem in a sector where companies are driven by shareholders to rush out equipment before it is ready. From a security perspective, this presents users with a huge problem. Empirical evidence suggests that the average device - whether it is a perimeter network resource such as a firewall or router, or a core device such as a server - has more holes in it than a piece of Gruyere.
One of the rarest but most devastating security vulnerabilities in host computers is the buffer overflow error, said Gary Jones, professional services manager of security consultancy MIS Corporate Defence Solutions.
Simply bombarding user-facing memory space with data can cause data to overrun pre-allocated memory, forcing the input into an executable part of the memory. Hackers can use this to run code of their own and possibly gain control of the system.
[ Read more ]