Problem solve Get help with specific problems with your technologies, process and projects.

Security top tens

Top ten lists of security vulnerabilities, fixes, worms and more.

Security is really about knowing what to secure; the more you know about potential vulnerabilities and how to fix them, the more secure your enterprise will be. In this short excerpt from a longer InformIT article, author Ed Tittel examines the steps you need to take to secure your own systems and provides links to tons of other useful information.

The top 10 that's likely to be of most interest to any individual network or system administrator, or IT security professional, is a list of the top known exposures "in the wild" that actually apply to the systems, software and networks that such hard-working professionals must protect and manage.

To a large extent, this means that your real security issues list probably differs from somebody else's list, simply because it's highly unlikely that any two network or system environments completely match up. In other words, avoiding the most likely security threats depends on constant vigilance, coupled with direct knowledge of what's out there on your systems and networks that needs to be kept safe and secure. Thus, the following rounds of activity are essential to help you build and manage your own personal security issues list:

  • Make sure you understand basic security principles, policies and best practices (several in our top 10 list directly address these topics). Any good book on network or system security will cover these topics to some extent, though some such books are better than others (the "Security Bibliography" section provides a brief list of excellent security books).
  • Routinely monitor security advisories (the "Security Advisory Resources" section documents some of the best sources of such information, but you'll also want to research and sign up for or visit vendor-specific security advisory resources).
  • Compare current security advisories against your networks, platforms, hardware and software. Take appropriate action (such as applying necessary patches, fixes or upgrades) as circumstances dictate.
  • In addition to responding to advisories as they come up, schedule and perform regular security assessments of your systems and networks (in more secure or sensitive environments, this often occurs monthly; in less secure or sensitive environments, this should occur two-to-four times yearly). Many organizations also schedule and perform penetration testing and run security scanning software against their environments at the same frequency. You should, too.

Don't get hung up on the number "10," either. Just because Letterman and radio stations track the top 10 doesn't mean that's the exact number of security issues you should handle at any given time. If you're lucky, the actual number will be smaller; if not, it'll be larger, and you'll have more work to do.

Sources of security top 10 information

The following Web sites contain some useful top 10 lists relevant to system and network security topics:

Read more of this article at InformIT. Registration is required but it is free.

This was last published in November 2001

Dig Deeper on Security industry market trends, predictions and forecasts

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.