INSIGHT: 23 network security mistakes that could get you fired

David Kelleher, Director of Communications, GFI Software, takes a look at those network security mistakes that could get you fired.

People are people, and we all make mistakes.

In most cases, it’s how we own up to these mistakes, learn from them and avoid repeating them that counts. Life is full of such learning opportunities.

However, depending on your boss, the impact to your organisation or its customers and the seriousness of the mistake, some can be career-limiting or, even worse, send you back to the job market before you even know it.

1. IP Any

Setting up a firewall rule that includes IP ANY is basically the same as removing the firewall. Yes, there will be times when this is actually required, but doing it by default is a really bad way to find out how secure your systems are.

It could lead to some interesting opportunities to evaluate your Internet bandwidth, disk storage, backups, and server (re)install capabilities.

2. Anonymous FTP write

Never allow anonymous FTP write. And yet, some of you reading this, someday, probably will. It will be a mistake. You might not even realise that server is Internet accessible.

But someone else will, probably within a couple of minutes of you clicking OK, and the next thing you know you’re hosting current release movies in interesting languages, cracked software and worse.

The only question is which comes first – does your FTP server run out of disk space or does someone send you a cease and desist notice for serving up copyrighted material?

3. Everyone – Full Control

Windows no longer makes this the default permissions applied when sharing data, but far too many admins still grant that permission because they think it reduces support issues or makes it easier for others, or maybe just because they don’t know any better.

Whether the result is inappropriate access or deleted data, giving everyone full control is being generous to a fault.

4. Unpatched systems

The really scary thing is that most systems are compromised because they are misconfigured or unpatched. Unless it’s a zero-day issue, if one of your systems is compromised due to a missing patch, you’d better have your resume up to date.

If a business lead or your boss tells you that you cannot apply a patch, do two things. Get it in writing and get a date when you can patch, because without the former, you’re going to be the scapegoat should the worst occur.

Without the latter, that system may never get patched and then it’s just a ticking time bomb waiting to go off. And do automate the process with a patch management solution.

5. No antivirus

All systems should have up-to-date antivirus – 100% compliance, 100% of the time. Any admin who shuts off their antivirus and lets malware spread throughout the network should be taught a lesson and serve as a warning to the rest.

6. Expiring certificates

Nothing can wreck your day quite like a certificate expiring on a secure system, and it happens far too often. The average time between a certificate expiring and a critical customer noticing it is 234 milliseconds, and the average time it takes the CIO to hear about this is under five minutes.

Most certificate authorities can renew current certificates in under an hour, but for some reason once the certificate expires it takes them a day and a half. You should regularly check every cert on every system, set calendar reminders for at least two weeks out for any expiring certificate, and renew them before they expire.

Almost all CAs will let you renew early and extend the new cert’s date out to give you more than the block of time. If yours does not, you need to get a new CA.
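One way to automate the "check every cert, warn two weeks out" routine described above, as an added example that is not from the article or from GFI Software. The function names, the example.test hostnames and the dates are constructed for illustration; only the Python standard library is assumed.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

WARN_WINDOW = timedelta(days=14)  # the article's "at least two weeks out"

def classify(not_after, now):
    """Map a certificate notAfter string to (status, whole days remaining)."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after),
                                     tz=timezone.utc)
    remaining = expires - now
    if remaining <= timedelta(0):
        return "EXPIRED", remaining.days
    if remaining <= WARN_WINDOW:
        return "RENEW", remaining.days
    return "OK", remaining.days

def audit(inventory, now):
    """inventory: (name, notAfter) pairs. Rows needing action, soonest first."""
    rows = [(name, *classify(not_after, now)) for name, not_after in inventory]
    return sorted((r for r in rows if r[1] != "OK"), key=lambda r: r[2])

def check_host(host, now, port=443, timeout=5.0):
    """Live check of one TLS endpoint (needs network access).

    A certificate that already fails validation (expired, wrong name,
    untrusted issuer) is returned as ("INVALID", reason) instead of raising.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock, \
                ctx.wrap_socket(sock, server_hostname=host) as tls:
            return classify(tls.getpeercert()["notAfter"], now)
    except ssl.SSLCertVerificationError as exc:
        return "INVALID", exc.verify_message

# Constructed sample inventory: notAfter values as a certificate export
# or scanner report would list them. Not real systems.
SAMPLE_NOW = datetime(2030, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    ("www.example.test", "Sep  1 12:00:00 2030 GMT"),
    ("mail.example.test", "Jun 10 12:00:00 2030 GMT"),
    ("vpn.example.test", "May 30 12:00:00 2030 GMT"),
]

if __name__ == "__main__":
    for name, status, days in audit(SAMPLE_INVENTORY, SAMPLE_NOW):
        print(f"{status:8} {name} ({days} days)")
```

Run on a schedule, a non-empty audit() result is the trigger for a renewal ticket rather than a calendar reminder someone has to remember to set.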

7. Open relay

You don’t have to turn off your email server to stop outbound mail flow. Just configure an open relay and watch as the entire Internet moves to ban you.

Once shunned like a diseased water buffalo, it can take days or even weeks to return things to normal and remove the stain on your company’s reputation. If your organisation cannot send out email, it probably cannot conduct business, and someone will be held responsible for that. Don’t be that person.