Re: My Solution to Securing Windows 98, ME Against Network Modification and Spying, using Linux.

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 05/28/03

  • Next message: joe: "Re: Question about network security in embedded environment"
    Date: Tue, 27 May 2003 19:41:50 -0700
    
    

    The Five Worst Security Mistakes End Users Make

    1. Failing to install anti-virus, keep its signatures up to date, and apply it to
       all files.
    2. Opening unsolicited e-mail attachments without verifying their source and
       checking their content first, or executing games or screen savers or other
       programs from untrusted sources.
    3. Failing to install security patches - especially for Microsoft Office, Microsoft
       Internet Explorer, and Netscape.
    4. Not making and testing backups.
    5. Using a modem while connected through a local area network.

    The Seven Worst Security Mistakes Senior Executives Make

    1. Assigning untrained people to maintain security and providing neither the
       training nor the time to make it possible to learn and do the job.
    2. Failing to understand the relationship of information security to the business
       problem - they understand physical security but do not see the consequences of
       poor information security.
    3. Failing to deal with the operational aspects of security: making a few fixes and
       then not allowing the follow through necessary to ensure the problems stay fixed.
    4. Relying primarily on a firewall.
    5. Failing to realize how much money their information and organizational
       reputations are worth.
    6. Authorizing reactive, short-term fixes so problems re-emerge rapidly.
    7. Pretending the problem will go away if they ignore it.

    The Ten Worst Security Mistakes Information Technology People Make

    1. Connecting systems to the Internet before hardening them.
    2. Connecting test systems to the Internet with default accounts/passwords.
    3. Failing to update systems when security holes are found.
    4. Using telnet and other unencrypted protocols for managing systems, routers,
       firewalls, and PKI.
    5. Giving users passwords over the phone or changing user passwords in response to
       telephone or personal requests when the requester is not authenticated.
    6. Failing to maintain and test backups.
    7. Running unnecessary services, especially ftpd, telnetd, finger, rpc, mail,
       rservices.
    8. Implementing firewalls with rules that don't stop malicious or dangerous
       traffic - incoming or outgoing.
    9. Failing to implement or update virus detection software.
    10. Failing to educate users on what to look for and what to do when they see a
        potential security problem.

    And a bonus, number 11: Allowing untrained, uncertified people to take
    responsibility for securing important systems.

    Simon wrote:

    > As a security consultant I have seen more so-called administrators creating
    > security risks than users. So should that be SCA. It's easy to blame the
    > user but if the administrators don't understand security and don't create an
    > environment in which the risks are reduced how can you expect a user to know
    > any better.
    > What about Security Awareness, Policy, Procedure, Best Practise etc.
    >
    > Simon
    >
    > "Susan Bradley, CPA aka Ebitz SBS Rocks [MVP]" <sbradcpa@pacbell.net> wrote
    > in message news:3ED15511.11CF9E08@pacbell.net...
    > > SCU's. SCU's are the bane of every company, cause all security issues,
    > > all vulnerabilities, and are the root of most security issues..... what are
    > > SCU's? Stupid Computer Users. They open email attachments, they don't
    > > update their A/V software, they want to run Kazaa in their system, they
    > > download spyware programs....etc...etc...
    > >

