Holes in the Wall

The following security problems often plague sites connected to the Internet. They are listed from most frequent to least frequent.

  • Sites do not dedicate enough resources to improving and maintaining security.
  • Network and system support personnel do not have the management support or the authority to deploy appropriate security measures.
  • Vendors still ship systems with poor default security configurations, and customers still buy these systems even though they know they have security problems.
  • Vendors do not disseminate information regarding patches to their customer sites, and sites do not install vendor patches for security problems they do know about.
  • Sites still use a login authentication system that relies on reusable passwords or on passwords that are transmitted over the net in clear text.
  • Sites have strong Internet security but poor dial-up security.
  • Sites do not monitor or restrict network access to their internal hosts.
  • Sites do not install user accounts in a consistent manner.
  • Sites do not monitor account activity and do not always remove accounts for terminated users.
  • Sites do not place good controls on root and other special system accounts.
  • Sites do not implement/enforce procedures and standards for installing new hosts on their network.

Source: Network Security Institute