For me, my list comes for almost 20 years of IT related experience, along with several dozen high profile consulting gigs I have done in that timeframe, talking with other admins, and just keeping up with the day to day security issues that arise.
From: Ken Schaefer Sent: Wednesday, October 31, 2012 3:39 AM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) I’m curious to know how people are coming up with these lists. Are they based on personal experience of hacks in your own workplace? Or what you are seeing/reading “in the media”? My experience is a fair bit different to most of the responses so far. Cheers Ken From: Ziots, Edward [mailto:[email protected]] Sent: Wednesday, 31 October 2012 6:29 PM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) 1) Failure to properly harden their systems from attack. ( Patching, Access-lists, Firewall settings) 2) Using unapproved software on systems that introduces malware, or Trojan backdoors on systems. 3) Failure to properly use least privilege and separation of duties, to limit exposure to systems and processes. 4) Using vulnerable database/Web applications which are exposed to the internet and are vulnerable to OWASP top 10 (Especially SQLi and XSS) 5) Lack of proper ingress and egress filtering at firewall/VPN access into and out of the corporate network, DMZ and otherwise. 6) Failure to use Antivirus or out of date signatures for AV/HIPS to detect common known malware/Trojans ( Again getting less effective by the day since a lot of malware these days is custom and it is used to bypass AV detection. 7) Giving users admin privileges and not controlling code execution on endpoint systems (Again this is how most of the malware/malcode is getting on the systems in the first place ( drive by downloads, etc etc) Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected] From: Stu Sjouwerman [mailto:[email protected]] Sent: Tuesday, October 30, 2012 1:39 PM To: NT System Admin Issues Subject: 7 shortcuts To Get Your Network Hacked (huh?) Hi Guys, Yes, that was on purpose. In your opinion, what are the most gruesome errors a system admin can make which will result in getting their network hacked? Just jot down a few and reply to the list, I will tabulate and come up with the 7 most mentioned sorted by importance. This should be fun. Have at it !! Warm regards, Stu ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
