Tip

Security top tens

Security is really about knowing what to secure; the more you know about potential vulnerabilities and how to fix them, the more secure your enterprise will be. In this short excerpt from a longer InformIT article, author Ed Tittel examines the steps you need to take to secure your own systems and provides links to tons of other useful information.

The top 10 that's likely to be of most interest to any individual network or system administrator, or IT security professional, is a list of the top known exposures "in the wild" that actually apply to the systems, software and networks that such hard-working professionals must protect and manage.

To a large extent, this means that your real security issues list probably differs from somebody else's list, simply because it's highly unlikely that any two network or system environments completely match up. In other words, avoiding the most likely security threats depends on constant vigilance, coupled with direct knowledge of what's out there on your systems and networks that needs to be kept safe and secure. Thus, the following rounds of activity are essential to help you build and manage your own personal security issues list:

  • Make sure you understand basic security principles, policies and best practices (several in our top 10 list directly address these topics). Any good book on network or system security will cover these topics to some extent, though some such books are better than others (the "Security Bibliography" section provides a brief list of excellent security books).
  • Routinely monitor security advisories (the "Security Advisory Resources" section documents some of the best sources of such information, but you'll also want to research and sign up for or visit vendor-specific security advisory resources).
  • Compare current security advisories against your networks, platforms, hardware and software. Take appropriate action (such as applying necessary patches, fixes or upgrades) as circumstances dictate.
  • In addition to responding to advisories as they come up, schedule and perform regular security assessments of your systems and networks (in more secure or sensitive environments, this often occurs monthly; in less secure or sensitive environments, this should occur two to four times yearly). Many organizations also schedule and perform penetration testing and run security scanning software against their environments at the same frequency. You should, too.
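The comparison step above can be sketched in a few lines. This is an added example, not code from the original article: the advisory identifiers, product names, hosts and versions are all constructed, and it assumes each advisory names a single "fixed in" version below which every release is affected. It shows why two sites end up with different issues lists from the same advisories.

```python
# Added example: all advisories, hosts and product names below are constructed.
from dataclasses import dataclass


def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Advisory:
    ident: str      # placeholder identifier, not a real advisory number
    product: str
    fixed_in: str   # assumption: every version below this one is affected
    severity: int   # 1 (low) .. 5 (critical), as rated by the advisory source


ADVISORIES = [
    Advisory("ADV-EXAMPLE-001", "examplehttpd", "2.4.10", 5),
    Advisory("ADV-EXAMPLE-002", "examplemail", "8.12.0", 4),
    Advisory("ADV-EXAMPLE-003", "exampledns", "9.2.1", 3),
]

# Inventory per site: host -> {product: installed version}
SITE_A = {
    "web01": {"examplehttpd": "2.4.9", "exampledns": "9.2.1"},
    "mail01": {"examplemail": "8.11.6"},
}
SITE_B = {
    "web01": {"examplehttpd": "2.4.10"},
    "ns01": {"exampledns": "9.1.3"},
}


def issues_list(inventory, advisories):
    """Return (severity, host, product, installed, advisory id) rows, worst first."""
    rows = []
    for host, software in inventory.items():
        for adv in advisories:
            installed = software.get(adv.product)
            if installed is None:
                continue  # product not installed: the advisory does not apply
            if parse_version(installed) < parse_version(adv.fixed_in):
                rows.append((adv.severity, host, adv.product, installed, adv.ident))
    return sorted(rows, key=lambda r: (-r[0], r[1], r[2]))


if __name__ == "__main__":
    for name, site in (("site A", SITE_A), ("site B", SITE_B)):
        print(name)
        for sev, host, product, installed, ident in issues_list(site, ADVISORIES):
            print(f"  sev {sev}  {host:7} {product} {installed}  -> {ident}")
```

Comparing versions as tuples matters here: as plain strings, "2.4.9" sorts after "2.4.10", so web01 at site A would be wrongly reported as patched.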

Don't get hung up on the number "10," either. Just because Letterman and radio stations track the top 10 doesn't mean that's the exact number of security issues you should handle at any given time. If you're lucky, the actual number will be smaller; if not, it'll be larger, and you'll have more work to do.

Sources of security top 10 information

The following Web sites contain some useful top 10 lists relevant to system and network security topics:


Read more of this article at InformIT. Registration is required but it is free.


This was first published in November 2001
