Top 10 Excuses for Not Improving Security

[Borrowed heavily from http://www.itsa.ufl.edu]


Top 10 Excuses for Not Improving Security

10. It's just a test box.
...Any host connected to the network is vulnerable to attack.

9. The host administrator is on vacation.
...Compromised hosts will be blocked, and you?ll lose service.

8. I didn?t know that service was running on that machine.
...Request a vulnerability scan from Network Services.

7. I just installed that computer 10 minutes ago.
...The Internet is flooded with thousands of attacks every second.

6. That host doesn't have anything important on it, so it?s not a
target.
...Hackers aren't picky. Any vulnerable host is an appealing launching
pad.

5. A faculty member, not the administrator, maintains that host.
...All hosts connected to the network should be managed by a qualified
IT worker.

4. I don't have enough time.
...Is there enough time to recover from an incident?

3. I don't have enough money.
...Are there enough funds to recover from an attack?

2. I didn't know there was a patch for that bug.
...Keep informed by monitoring news, lists and vendor Web sites.

And the number one excuse for not improving computer security?

1. I don't know very much about security.
...That's easy. Ask your Computer Security Department or your local
Linux User Group.