Mistakes People Make that Lead to Security Breaches
Updated September 10, 2005
Technological holes account for a great number of the successful break-ins, but people do their share, as well. Here are the SANS Institute's lists of silly things people do that enable attackers to succeed.
The Five Worst Security Mistakes End Users Make
1. Failing to install anti-virus, keep its signatures up to date, and apply it to all files.
2. Opening unsolicited e-mail attachments without verifying their source and checking their content first, or executing games or screen savers or other programs from untrusted sources.
3. Failing to install security patches, especially for Microsoft Office, Microsoft Internet Explorer, Firefox, and Netscape.
4. Not making and testing backups.
5. Being connected to more than one network such as wireless and a physical Ethernet or using a modem while connected through a local area network.
The Seven Worst Security Mistakes Senior Executives Make
1. Assigning untrained people to maintain security and providing neither the training nor the time to make it possible to learn and do the job.
2. Failing to understand the relationship of information security to the business problem: they understand physical security but do not see the consequences of poor information security.
3. Failing to deal with the operational aspects of security: making a few fixes and then not allowing the follow through necessary to ensure the problems stay fixed
4. Relying primarily on a firewall.
5. Failing to realize how much money their information and organizational reputations are worth.
6. Authorizing reactive, short-term fixes so problems re-emerge rapidly.
7. Pretending the problem will go away if they ignore it.
The Ten Worst Security Mistakes Information Technology People Make
1. Connecting systems to the Internet before hardening them.
2. Connecting test systems to the Internet with default accounts/passwords
3. Failing to update systems when security holes are found.
4. Using telnet and other unencrypted protocols for managing systems, routers, firewalls, and PKI.
5. Giving users passwords over the phone or changing user passwords in response to telephone or personal requests when the requester is not authenticated.
6. Failing to maintain and test backups.
7. Running unnecessary services, particularly ftpd, telnetd, finger, rpc, mail, rservices
8. Implementing firewalls with rules that don't stop malicious or dangerous traffic, incoming or outgoing.
9. Failing to implement or update virus detection software
10. Failing to educate users on what to look for and what to do when they see a potential security problem.
And a bonus, number 11: Allowing untrained, uncertified people to take responsibility for securing important systems.
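
A host-side check for item 7 of the IT list (and the telnet part of item 4), as an added example that is not part of the SANS lists: it parses `ss -tln` output and flags listeners on the well-known TCP ports of the services named there, separating loopback-only listeners from network-reachable ones. The sample output is constructed, and the function and constant names are hypothetical.

```python
import ipaddress

# Well-known TCP ports of the services named in item 7 of the IT list.
LEGACY_PORTS = {
    21: "ftpd", 23: "telnetd", 25: "mail (SMTP)", 79: "finger",
    111: "rpc (portmapper)", 512: "rexec", 513: "rlogin", 514: "rsh",
}

# Constructed sample in the column layout printed by `ss -tln`.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:23         0.0.0.0:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      128    [::]:111           [::]:*
LISTEN 0      32     *:21               *:*
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
"""


def is_loopback(host):
    """True only when the bind address is a loopback address."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    if host in ("*", ""):
        return False  # wildcard bind: all interfaces
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparsable address: report as reachable


def find_legacy_listeners(ss_output):
    """Return sorted (port, service, bind_host, network_reachable) tuples."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in LEGACY_PORTS:
            findings.append((int(port), LEGACY_PORTS[int(port)],
                             host, not is_loopback(host)))
    return sorted(findings)


if __name__ == "__main__":
    for port, service, host, exposed in find_legacy_listeners(SAMPLE_SS_OUTPUT):
        scope = "network-reachable" if exposed else "loopback only"
        print(f"{port}/tcp {service} bound to {host} ({scope})")
```

A port match identifies the well-known port, not the daemon behind it, so each finding should be confirmed against the process that owns the socket before the service is disabled.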