Article

A security checklist for IT managers

Jan Stafford

Somebody out there is out to break into your network. That somebody is six times more likely to succeed if the network runs on Windows rather than Unix, according to a study by BindView Corp. The good news, says BindView director of security strategy Scott Blake, is that the odds against a hacker succeeding in his nefarious attack are high if an IT manager stays on top of a few mundane security management tasks. In this SearchWindows2000.com/Manageability exclusive, Blake prioritizes those tasks and discusses their importance.

searchWindowsManageability: Is Windows more vulnerable to security attacks than other operating systems?
Blake:

We did a study on this last year. We found that Windows NT Web servers are successfully broken into six times more than Unix Web servers. The study assumed, however, that Windows and Unix are targeted evenly. If you assume that every Web server is attacked once a week, regardless of what OS it runs, then you're six times more at risk if you're running NT than if you're running Unix. Even if Windows NT servers are targeted more frequently than Unix servers, it's safe to say that you're still more at risk running Windows.

searchWindowsManageability: What should IT managers' top security management

    Requires Free Membership to View

priority be?
Blake:

Number one priority should be getting security patches installed on the system. Almost all of the high profile security problems that we've seen in the last couple of years have been result of old security issues, not new flaw that somebody discovered and used to break in to systems before anybody knew what was going on. These have been security breaches caused by things managers have known about a minimum of 6 months, or even two or three years. The patches for the problem have been in existence, but no one installed them. If everyone installed patches, life would be a lot harder for hackers.

searchWindowsManageability: What should be next on IT managers' security daily agenda?
Blake:

Make sure that user management is in good shape. Enact strong passwords and stronger authentication methods, whenever possible. Passwords are increasingly inadequate as an authentication mechanism. As computers are getting faster, it's getting easier to brute force passwords.

searchWindowsManageability: What would be an alternative to passwords?
Blake:

Any strong authentication method, such as Secure ID or ActiveCard or CrytoCard. Most certificate implementations, however, are reducable to a password, with the additional step (for the attacker) that you have to compromise the client machine rather than going after the server. That's usually easier anyway, because people don't pay as much attention to the security of the clients as they do to their servers.

searchWindowsManageability: Most companies don't go beyond simple passwords, do they?
Blake:

That's correct. They don't, because it's hard and expensive. Users don't like to use anything beyond simple passwords. Users don't want to do a lot of security or even use good passwords. A good password is something that can't be found in a dictionary. It's a mixture of numbers and letters with as many characters as possible as randomly as possible. You want as much randomness in the password as possible, but people aren't very good at remembering or generating random passwords.

searchWindowsManagability: What are other security management tasks that get overlooked too often?
Blake:

Managers often don't pay attention to what is happening on the system, reading the logs as things are going on. They don't do this, because reading logs is tedious; but it's extremely important to the security of the system to do this.

searchWindowsManageability: Are there tools that simplify this task?
Blake:

There are tools that help you reduce audit logs into manageable chunks and pull out important items. Host-based intrusion detection, such as CyberSafe's Centrax, is the best tool for going through log files. For keeping up with patches, a good option is vulnerability assessment tools, software that has a database of problems that software vendors have created patches for.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: