http://www.dslreports.com/forum/The-10-dumbest-mistakes-network-managers-make-22657582 en Sat, 11 Feb 2012 13:53:31 EDT Sat, 11 Feb 2012 13:53:31 EDT http://www.dslreports.com/forum/Re-The-10-dumbest-mistakes-network-managers-make-22660046 http://www.dslreports.com/forum/Re-The-10-dumbest-mistakes-network-managers-make-22660046 Mon, 06 Jul 2009 09:26:13 EDT http://www.dslreports.com/forum/Re-The-10-dumbest-mistakes-network-managers-make-22659202 http://www.dslreports.com/forum/Re-The-10-dumbest-mistakes-network-managers-make-22659202 Mon, 06 Jul 2009 00:05:50 EDT http://www.dslreports.com/forum/Re-The-10-dumbest-mistakes-network-managers-make-22659173 http://www.dslreports.com/forum/Re-The-10-dumbest-mistakes-network-managers-make-22659173 Sun, 05 Jul 2009 23:56:56 EDT http://www.dslreports.com/forum/Re-The-10-dumbest-mistakes-network-managers-make-22658631 http://www.dslreports.com/forum/Re-The-10-dumbest-mistakes-network-managers-make-22658631 Sun, 05 Jul 2009 21:18:22 EDT http://www.dslreports.com/forum/Re-The-10-dumbest-mistakes-network-managers-make-22658399 3. Failing to find SQL coding errors.
> 6. Failing to test noncritical applications for basic vulnerabilities.

I'm not sure that application issues are really in the network manager's bailiwick

> 9. Not knowing where credit card or other critical customer data is stored.

That's not a network issue either.

> 10. Not following the Payment Card Industry Data Security Standards.

Following PCI is the bare minimum - one should aim for actual security, not compliance with a standard (and they are often at odds).

Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Orange County, California USA | my web site]]> http://www.dslreports.com/forum/Re-The-10-dumbest-mistakes-network-managers-make-22658399 Sun, 05 Jul 2009 20:22:02 EDT http://www.dslreports.com/forum/Re-The-10-dumbest-mistakes-network-managers-make-22658025 --
AT&T dsl; Speedstream 5100b modem; openSuSE 11.0; firefox 3.0.11]]> http://www.dslreports.com/forum/Re-The-10-dumbest-mistakes-network-managers-make-22658025 Sun, 05 Jul 2009 18:16:51 EDT http://www.dslreports.com/forum/The-10-dumbest-mistakes-network-managers-make-22657582
When you look at the worst corporate security breaches, it's clear that network managers keep making the same mistakes over and over again, and that many of these mistakes are easy to avoid.

In 2008, Verizon Business analyzed 90 security breaches that represented 285 million compromised records. Most of these headline-grabbing incidents involved organized crime finding an unprotected opening into a network and using it to steal credit card data, Social Security numbers or other personally identifiable information.

What's astonishing is how often these security breaches were the result of network managers forgetting to take obvious steps to secure their systems, particularly non-critical servers.

"We're just not doing the basics," says Peter Tippett, vice president of innovation and technology at Verizon Business, who has been auditing security breaches for 18 years.

Tippett helped us put together a list of the simplest steps that a network manager can take to eliminate the majority of security breaches. Not to follow the items on this list would be, quite simply, stupid.

1. Not changing the default passwords on all network devices.
2. Sharing a password across multiple network devices.
3. Failing to find SQL coding errors.
4. Misconfiguring your access control lists.
5. Allowing nonsecure remote access and management software.
6. Failing to test noncritical applications for basic vulnerabilities.
7. Not adequately protecting your servers from malware.
8. Failing to configure your routers to prohibit unwanted outbound traffic.
9. Not knowing where credit card or other critical customer data is stored.
10. Not following the Payment Card Industry Data Security Standards.

»www.networkworld.com/news/2009/0···l?page=1
--
Smokey's Security Forums »www.smokey-services.eu/forums/
Smokey's Security Weblog »smokeys.wordpress.com/
Site Member ASAP - Alliance of Security Analysis Professionals]]> http://www.dslreports.com/forum/The-10-dumbest-mistakes-network-managers-make-22657582 Sun, 05 Jul 2009 16:09:55 EDT