How concerned are you about security in your organization?
6th Jun 2009 | category: Security/Firewalls | Hits: 3912I’ve met so many IT managers in my career some are friends and others are clients but one thing most of them share is taking security for the company IT facilities for granted. To them the term belongs to “big operations” like Telecoms and banks.
Most IT managers believe buying “state of the art” hardware is good enough….but wait a minute! these just represent computing power not configuration. Most of the settings are left default, leaving unwanted ports and services running that may lead to your systems being comprised.
The threat of hackers, malware and Trojans is for real and maybe from internal or external factors. I know of a few big IT firms that have been hacked because they lacked simple streamlined security policies. These are basically guidelines to what should be allowed and denied on the network. Information technology has become so imbedded in our lives that we practically live with it. Business can’t leave without it and it’s the bloodline of business these days.
A few months ago I had an experience with a friend; he is kind of a big man in a corporate IT firm here in town. I proposed a security audit on his network to be certain that it’s secure. Trust me he gave me a lecture of how he’s using “open source” software, a “state of art” Cisco pix firewall which made his network hack free.
He actually wanted to bet that if anyone ever breaks/hacks in his network, cover my weekend cost for a full month would be taken care of. Unfortunately I didn’t take the bet but I wish I had, because months down the road someone got into his web server. He actually thought I had done it.
The good thing he didn’t lose his job but I can’t be sure you won’t. When you run or setup a server let it be windows or Linux try to analyze the services and ports that are open. In my experience most of these are not really needed and are a security threat. Lastly try to sign onto one of those online mailing lists or forums or blog u can checkout security info. Visit www.securityfocus.com they really have some good topics.
When you look at the statistics, most of the computers that form the botnet belong to small enterprises and home users. We all need to carryout an audit we really don’t need to wait for the accounts to avail the money for an outsider to carry it out. All you need is some free tools especially the open source ones but be careful not to download a Trojan.