It could be a lonely end user challenging IT administration policies by downloading Napster. Or, maybe it's an...
unassuming end user who opens a virus-ridden e-mail. Regardless of how security vulnerabilities are exposed and viruses released, they are alive and kicking. Yet, catching up between setbacks is becoming a mind numbing process for many IT managers.
SearchWindowsManageability recently asked Windows managers what security issues they battle daily. In the first part of this series, we outlined five user security headaches and real world solutions. These last five security headaches offer more solutions that you and your troubled network could benefit from implementing, too.
What security headaches did we miss? Please e-mail editor@searchWindowsManageability.com.
- Getting timely information
IT manager Ratnam Subramaniam has several security gripes. He finds keeping track of security holes and getting fixes to be a time-consuming process. Finding out whether new software has code embedded to compromise the privacy and security is also not easy, he said. Not being able to test new software security before implementation worries him, too.
In a perfect world, Subramaniam would use intelligent software that would automatically test any system for security vulnerabilities.
In the real world, Subramaniam has resorted to waiting for problems to occur before fixing them. "Fixing the problem requires less effort than the prevention. We only pray that no unrecoverable damage is done."
For Network Administrator Mario Santos, getting support from Microsoft and finding timely information on its Web site is difficult. That makes securing his NT 4.0 servers and Internet Information Server 4.0 tough.
In a perfect world, there would be no errors in products, Santos said. In the real world, Santos is staying alert to every update and watching his network consistently.
- User-related problems
End users are Shahin Yousefi's biggest concern. At Linthicum, MD-based Ciena Corp, where Yousefi is a DBA, users often leave passwords blank and terminals unlocked, and they forward e-mails with viruses.
"Security holes are caused by users who think Gnutella-type programs are simply a fun way to get free music without understanding the company's exposure," said Kevin Doyle, Tech Services Specialist at Affinity Group, Inc. in Ventura, Calif. In a perfect world, Doyle's systems would take care of themselves, and he'd hang out on the beach.
But, back in reality, Doyle said he employs a multi-layer approach to security consisting of scanning e-mail and workstations for viruses. He also locks downs known port attacks on his company's firewall.
Tony Conte's biggest headaches also come from inside Racine, Wisc.-based Horizon Retail Construction, where he is the director of information and business systems. "End users feel they need access to things not directly relating to their jobs. That may cause holes in firewalls, or leave vulnerabilities open to prying eyes."
In IT manager Steve Saaf's perfect world, no hackers would exist. Another IT professional concurred: "All hackers and virus writers would be classified as info-terrorists and treated like any other terrorist." In the real world, that IT professional currently combats hack attacks by trying to create fixes as quickly as possible.
An innovative perfect world solution was suggested by one IT manager: "It would be beneficial if the top five vendors stopped the hackers by funding a lab that finds the weaknesses and fixes them." That way, the vulnerabilities are found internally, he said.
Gary Secor, vice president of Information Technology at IST Management Services in Atlanta, Ga., also listed risk from viruses and hackers as his top security concern. Those risks are "partially patch related and partially related to keeping security measures up-to-date as the network environment changes," he said.
Secor would like patches that work similarly to Symantec's Norton anti-virus updates, which are automatically applied. In reality, though, Secor keeps updated on virus definitions and tries to keep up with the critical patches on servers and workstations.
- Good security is time consuming
Another IT professional said the time it takes to maintain security is his biggest headache because, for one, it causes overwork. So, he dreamed up the following perfect world resolution. First, he suggested, create a free security information service or site that is always up-to-date. "Everyone would submit ALL their information ONLY to this resource," he said. Secondly, he suggested a button on searchWindowsManageability that updates all servers and clients perfectly with the latest security fixes, but with no reboots necessary. Lastly, he'd like Internet servers to have intelligent monitors that spot viruses or virus-like activity, intercept and manage them.
This manager, though, spends a lot of time checking many different information sources, "each with some new little nugget." He also keeps his staff informed. "We have had almost 90 copies of Nimda, Badtrans, Magistr.nnnnn, Goner.a recently and nobody has opened anything so far," he concluded.
One IT manager tries to let anti-virus software do its job. Additionally, he makes sure it is running on all parts of the network and updating correctly. But, he admitted: "The fear is real. It causes stress and sometimes overreaction. Security is never up-to-date."
FOR MORE INFORMATION
What are your Windows security headaches? Email editor@searchWindowsManageability.com