Top 10 Excuses for Not Improving Security

Jay plug-discuss@lists.plug.phoenix.az.us
Fri, 27 Sep 2002 22:30:32 -0700 (MST) 

Great list, George. On a similar note, it reminded me of a "10 Common
Myths versus Facts of Network Security" writing I did. Mine is more from
an end-user perspective (as opposed to a sysadm), but it's in the same
general ballpark:

  http://edgeos.com/myths.html

  :)

~Jay



On Sat, 28 Sep 2002, George Toft wrote:

> [Borrowed heavily from http://www.itsa.ufl.edu]
>
>
> Top 10 Excuses for Not Improving Security
>
> 10. It's just a test box.
> ...Any host connected to the network is vulnerable to attack.
>
> 9. The host administrator is on vacation.
> ...Compromised hosts will be blocked, and youll lose service.
>
> 8. I didnt know that service was running on that machine.
> ...Request a vulnerability scan from Network Services.
>
> 7. I just installed that computer 10 minutes ago.
> ...The Internet is flooded with thousands of attacks every second.
>
> 6. That host doesn't have anything important on it, so its not a
> target.
> ...Hackers aren't picky. Any vulnerable host is an appealing launching
> pad.
>
> 5. A faculty member, not the administrator, maintains that host.
> ...All hosts connected to the network should be managed by a qualified
> IT worker.
>
> 4. I don't have enough time.
> ...Is there enough time to recover from an incident?
>
> 3. I don't have enough money.
> ...Are there enough funds to recover from an attack?
>
> 2. I didn't know there was a patch for that bug.
> ...Keep informed by monitoring news, lists and vendor Web sites.
>
> And the number one excuse for not improving computer security?
>
> 1. I don't know very much about security.
> ...That's easy. Ask your Computer Security Department or your local
> Linux User Group.
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

-- 

== Jay Jacobson
== Edgeos, Inc. - Security is Critical - http://www.edgeos.com
== We help you to easily get control of your network's security.
== ...or some hacker can just take control instead. You decide.