Friday, January 23, 2009

Common Information Security Lapses

Mistakes made by common/end users

* Opening or downloading e-mail attachments without first verifying their source and checking their content.
* Not installing anti-virus software, or not updating it regularly.
* Not having up-to-date security patches for the operating system or for any other application installed on the computer.
* Installing programs or games from unknown sources.
* Not keeping proper backups.
* Using an unsecured modem while connected through a local area network.
* Using USB or other removable devices without proper virus scanning.
* Accessing the Intranet, or visiting important or secured websites, from an unsecured computer at a remote location, e.g. a cyber café.
* Sharing passwords or important network information with friends or strangers on a very informal platform.


Mistakes made by Business owners / Senior Executives

* Hiring people without a proper background check on them.
* Assigning people with limited knowledge to maintain information assets.
* Providing neither the training nor the time to make it possible to learn and do the job.
* Lack of IT domain understanding among top executives, resulting in a very casual approach towards IT security.
* Failing to realize the impact of a security breach in terms of money, time and, above all, the reputation put at risk.


Mistakes made by Information Security Department/Team

* Underestimating the capability of others, namely hackers.
* Implementing solutions without investigating the known security threats or bugs in those solutions.
* Limited or no security audits.
* Allowing easy physical access to information assets for end users or strangers.
* Improper logging or backup of data needed as a footprint/audit record in case of a security breach.
* Failing to update systems against newly found bugs/viruses.
* Concentrating on a very few selected issues, rather than taking all of them seriously.
* Having a reactive rather than a proactive approach.
* Making a few fixes and then not performing the necessary actions to ensure the problems stay fixed.
* Putting servers into live/production use before securing them.
* Connecting servers to the Internet with default accounts/passwords, or with passwords provided by vendors during installation/implementation.
* Failing to update systems when security holes are found.
* Using telnet and other unencrypted protocols for managing systems, routers, firewalls, and PKI.
* Giving users passwords or configuration information over the phone.
* Failing to maintain and test backups.
* Running unnecessary services on the live server. Keeping unnecessary ports open to users.
* Implementing firewalls with faulty rules.
* Failing to educate users on what to look for and what to do when they see a potential security problem.
* Giving too much information or a very complex access system to an end user. Providing users with too many usernames & passwords and making it difficult for them to manage them all.
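Several of the lapses above (cleartext management protocols, unnecessary listening services, accounts with no password, allow-anything firewall rules) can be caught by a simple self-audit run against a snapshot of a server before it goes live. The script below is an added example, not part of the original post; the `Account`/`Rule` classes, the `audit()` function and the host snapshot are all constructed here for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Management protocols that send credentials in the clear (lapse: telnet and
# other unencrypted protocols for managing systems, routers and firewalls).
CLEARTEXT_MGMT_PORTS = {21: "ftp", 23: "telnet", 513: "rlogin", 514: "rsh", 161: "snmp-v1/v2c"}

@dataclass
class Account:
    login: str
    pw_field: str  # second field of /etc/shadow; "" means no password at all

@dataclass
class Rule:
    action: str            # "ACCEPT" or "DROP"
    src: str               # source CIDR; "0.0.0.0/0" means anywhere
    dport: Optional[int]   # None means any destination port

def audit(listening, accounts, rules, expected):
    """Return a list of findings for one host snapshot.

    listening: set of ports the host is listening on
    expected:  ports the server is documented to expose for its role
    """
    findings = []
    for port in sorted(listening):
        if port in CLEARTEXT_MGMT_PORTS:
            findings.append(f"cleartext management service ({CLEARTEXT_MGMT_PORTS[port]}) on port {port}")
        elif port not in expected:
            findings.append(f"unnecessary service listening on port {port}")
    for acct in accounts:
        if acct.pw_field == "":
            findings.append(f"account '{acct.login}' has no password set")
    for rule in rules:
        if rule.action == "ACCEPT" and rule.src == "0.0.0.0/0":
            if rule.dport is None:
                findings.append("firewall rule accepts all traffic from any source")
            elif rule.dport in CLEARTEXT_MGMT_PORTS:
                findings.append(f"firewall exposes {CLEARTEXT_MGMT_PORTS[rule.dport]} (port {rule.dport}) to the Internet")
    return findings

# Constructed snapshot of a freshly installed web server put live before hardening.
SAMPLE_LISTENING = {22, 23, 80, 443, 3306}
SAMPLE_ACCOUNTS = [Account("root", "$6$saltsalt$hashhash"), Account("install", ""), Account("sshd", "*")]
SAMPLE_RULES = [Rule("ACCEPT", "0.0.0.0/0", 80), Rule("ACCEPT", "0.0.0.0/0", 443),
                Rule("ACCEPT", "0.0.0.0/0", 23), Rule("ACCEPT", "0.0.0.0/0", None)]
SAMPLE_EXPECTED = {22, 80, 443}  # ssh for administration, http/https for the web service

if __name__ == "__main__":
    for finding in audit(SAMPLE_LISTENING, SAMPLE_ACCOUNTS, SAMPLE_RULES, SAMPLE_EXPECTED):
        print("FINDING:", finding)
```

On a real host the listening ports would come from `ss -tln` or `netstat -tln`, the accounts from `/etc/shadow`, and the rules from the firewall's rule listing; the checks themselves stay the same.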


Mistakes made by law enforcement / regulating authorities

* A reactive rather than a proactive approach.
* Lack of knowledge / information about cyber crime & its effects.
* Judicial system: little or no domain knowledge of information security systems.
* Lack of infrastructural support & training to handle cyber crime.
* Lack of co-ordination between Internet service providers & law enforcement agencies.
* Not much control over internet usage & the internet community at large.

Thursday, January 1, 2009

What a StArT

Day one of a new year. At Nettech it's just another day. Life is just a bit different here - we start the day on a happy note - a theory test, 20 minutes, 25 marks.

One will wonder what we did last night, I mean on the 31st night. One has to be a bit innovative to think of what we did. After a dull test evening (our own Ten-10), we assembled for a camp fire. Fire was readily available, but the wood came after a proper Age of Empires-style wood collection. Some went scouting, some went for supply chain. It was different, different from any party in any part of the world. One has to be there to feel it.

As far as the music system & live band go, one can't match all the Network Engineers; they just know how to start & forward. All types of packet.. oops, sorry, song.. Bengali, Telugu, Bhojpuri, Malayalam, English & our very own HINDI style. Life was different.

Oh - forgot to mention, after the camp fire one really needs to consult Sherlock Holmes to find out where the original camp fire was. That's the Nettech Team.

Do let me know your feedback.

Oh - one more: today, for a change, we will have a movie show.. what movie.. that's for me to know & you to guess.

Enjoy..

HaPpY nEw YeAr

Swapan Purkait