CompStar Technologies




FBI Security Key: Avoiding Dumb Mistakes

Obvious Errors Still Among the Biggest Risks

While the FBI hasn't always been known for its own IT expertise, it has published a list of five common mistakes that companies make:

1. Default installation of operating systems and software. While it's certainly easy just to let the software installer use the file names, directories, user names, and even passwords it suggests as defaults, this makes it far easier for an intruder to break in. Once a hacker knows you are using a particular type of software, he will look for its files in the standard location, and try to compromise it with default passwords. If a company takes the time to fully customize its installation (including the deletion of pre-established users and passwords), the hacker's task is far more difficult.

2. Weak Passwords. According to the FBI, 40% of passwords are still "password". Hackers usually begin with a list of common passwords - geeky words like "admin", "god", "gandalf", etc. are examples, in addition to variations of the user's name. If the 40% number is correct, that means that the overall group of "common" passwords probably accounts for well over half of all passwords. So don't use common words and names - combining words, adding numerals, capitalization, and/or punctuation, etc., all make things far more difficult for hackers.

3. Incomplete backup of data. Most companies have backup programs in place, and believe they are fully protecting their data in the event their systems are compromised or destroyed. In fact, there are often gaps in this protection. "In order to limit the time and media needed for a backup, system administrators often choose which essential data to back up," says Will Mellen, Systems Engineer at CompStar Technologies. "Even if they don't miss important data at the outset, over time new data may be created which is no longer being backed up."

Another problem, according to Mellen, is the storage of critical data on user machines. "Even if the server is being properly backed up, individual users often have important documents and spreadsheets they maintain themselves stored on their own PC." Proper procedures, says Mellen, dictate that user data of this type should be stored in a directory on the server or in some other location where it can be properly protected.
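The backup gap described above, where new data accumulates outside the paths a backup job was originally told to include, can be checked mechanically. The following is an added example, not code from the original article or from CompStar: it lists recently modified files that no include path covers. The function names, the 90-day window, and the command-line usage are assumptions.

```python
import os
import time
from collections import Counter
from pathlib import Path


def is_covered(path, includes):
    """True if path is an include entry or sits beneath one."""
    return any(path == inc or inc in path.parents for inc in includes)


def find_uncovered(data_roots, backup_includes, max_age_days=90, now=None):
    """Return recently modified files under data_roots that no include covers."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    includes = [Path(p).resolve() for p in backup_includes]
    uncovered = []
    for root in data_roots:
        # os.walk does not follow symlinked directories by default.
        for dirpath, _dirs, files in os.walk(Path(root).resolve()):
            for name in files:
                f = Path(dirpath) / name
                try:
                    mtime = f.stat().st_mtime
                except OSError:
                    continue  # file vanished or is unreadable; skip it
                # Comparing whole path components avoids treating
                # /data/financeX as covered by an include of /data/finance.
                if mtime >= cutoff and not is_covered(f, includes):
                    uncovered.append(f)
    return sorted(uncovered)


def summarize(uncovered):
    """Count uncovered files per parent directory, for the report."""
    return Counter(str(f.parent) for f in uncovered)


if __name__ == "__main__":
    import sys
    # Assumed usage: python backup_gap.py DATA_ROOT INCLUDE [INCLUDE ...]
    root, includes = sys.argv[1], sys.argv[2:]
    report = summarize(find_uncovered([root], includes))
    for directory, count in sorted(report.items()):
        print(f"{count:6d} recent file(s) not in backup set: {directory}")
```

Run against the server's data root and, separately, against user profile directories to surface the locally stored documents Mellen mentions.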

Other factors cited by the FBI include ports left open unnecessarily and data packets not being filtered for proper origin and destination.

Not in the top 5 list, but still important according to Mellen, is the propensity for users to write their passwords in obvious locations, like sticky notes attached to their monitor or keyboard.

What's the point of this recitation of facts that everyone knows? It's simple - implementing sophisticated firewalls and the like may do little good when the most obvious ways of preventing intrusion or data loss are overlooked. Yes, companies need multiple levels of protection - but they mustn't forget about the easiest and most obvious steps they can take.

Resource:

Draft strategy to secure cyberspace


- - - - - - - - - - - - - - - - - - - - - - - - - - - -

CompStar Technologies is a leading Indiana-based provider of networking, technology, and communications services. With offices in Mishawaka (serving South Bend, Elkhart, Warsaw, Michigan City, Fort Wayne, Niles, St. Joseph, and Benton Harbor, Michigan) and Indianapolis, CompStar provides network design / support, network security, wireless networking, business telephone systems, VoIP (voice over IP), and cctv / video surveillance systems. CompStar is the Technology Division of Direct Line Communications, headquartered in Mishawaka, Indiana.

 

    


   © 1999 - 2006 CompStar Technologies, All Rights Reserved.