Top 10 Excuses for Not Improving Security
George Toft
plug-discuss@lists.plug.phoenix.az.us
Sat, 28 Sep 2002 00:07:53 -0400
[Borrowed heavily from http://www.itsa.ufl.edu]
Top 10 Excuses for Not Improving Security
10. It's just a test box.
...Any host connected to the network is vulnerable to attack.
9. The host administrator is on vacation.
...Compromised hosts will be blocked, and youll lose service.
8. I didnt know that service was running on that machine.
...Request a vulnerability scan from Network Services.
7. I just installed that computer 10 minutes ago.
...The Internet is flooded with thousands of attacks every second.
6. That host doesn't have anything important on it, so its not a
target.
...Hackers aren't picky. Any vulnerable host is an appealing launching
pad.
5. A faculty member, not the administrator, maintains that host.
...All hosts connected to the network should be managed by a qualified
IT worker.
4. I don't have enough time.
...Is there enough time to recover from an incident?
3. I don't have enough money.
...Are there enough funds to recover from an attack?
2. I didn't know there was a patch for that bug.
...Keep informed by monitoring news, lists and vendor Web sites.
And the number one excuse for not improving computer security?
1. I don't know very much about security.
...That's easy. Ask your Computer Security Department or your local
Linux User Group.