Technology controls form an essential part of managing your organization's use of technology tools. A balance must be achieved between reducing risks and maximizing efficiency. No one person can have all the right answers, your systems administrator needs access to specialists in security issues. Take a look at what Information Weekly uncovered recently. Issues like:
- Internet
- HTTP CGI scripts can be a grave security risk
- Secure Fire Walls
- Windows File & Print Sharing
- N.T.
- Remote registry access
- SMB services
- Profiles contain sensitive information
- UNIX
- Ping Attacks
- NFS is one of the biggest security weaknesses
- Novell 2.x, 3.x, 4.x
- All data except for passwords are not encrypted when transmitted to the file server
- No audit trails of directories/files accessed and actual security changes made by specific user
- No terminal timeout after a period of inactivity
- No controls to prevent passwords which are easily guessed from being used (i.e., the use of repetitive characters and the
use of commonly used passwords) - Passwords are not automatically synchronized across all file servers when a server is down
- No facility to allow non-privileged users to identify user access entitlements and account restrictions
- Supervisor or Supervisor Equivalent ID required to reactivate suspended IDs
- General
- Guest accounts
- Permissions set improperly
- Remote procedure calls
- Macro runs when document is opened
- File sharing issues
- Passwords in general
- Viruses
Have an independent organisation take a look and make recommendations, it could save your organisation a lot of heartache. |
