Results 1 to 8 of 8

Thread: The 21 Best Ways to Lose Your Information.

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    742

    The 21 Best Ways to Lose Your Information.

    The 21 Best Ways to Lose Your Information

    Have you ever wondered what the best ways are to get hacked, be adversely affected by disasters, or otherwise lose information stored on your computer systems? Here, in no particular order, are the 21 best ways to not secure your systems:


    1. Don't pay attention to or even bother to understand what you're trying to protect.

    2. Leave your databases, especially those containing credit card or other confidential information, unencrypted. And be sure to store them on publicly accessible servers.

    3. Don't patch your software or update your virus signatures, and never, ever run vulnerability assessments to detect newly discovered software flaws and system misconfigurations. It's just too time-consuming.

    4. When an employee quits or is let go, leave his network log-ins and e-mail accounts enabled. You never know when he might want to check in on things.

    5. Don't create any security policies that document how you're safeguarding your information to protect your organization and clients from information disasters and legal liabilities.

    6. If you do happen to have a security policy, never refer to it, enforce it, update it or do what it says.

    7. Completely outsource your information security initiatives. There's no need for anyone inside your organization to worry about such matters.

    8. By all means, don't take an inventory of your information systems or document your network.

    9. Apply the principle of greatest privilege. Give all users the greatest amount of access to your information systems. Everyone should have access to everything -- it's only fair, right?

    10. Rely solely on technology. Firewalls, encryption and antivirus software are all you need to protect your information.

    11. Run your business without disaster recovery and business continuity plans. After all, you can think clearly and make critical decisions under pressure, right?

    12. Don't monitor your systems. They'll be fine running by themselves, and if anything major happens with the integrity or availability of your information, you'll be notified automatically, won't you?

    13. Don't back up your data, but if you must, don't test your backups. Also, leave your backup media on-site -- preferably sitting on top of an uninterruptible power supply.

    14. Leave your operating systems and software applications with the default settings. System hardening is for the birds.

    15. Respond to hacker attacks, viruses and other intrusions as they happen -- don't be proactive in dealing with them.

    16. Use passwords that consist of your pet's name, your name, your mom's maiden name, or your birthday. That way, you won't forget them. Better yet, just use "password" for your passwords. Also, don't forget to write them down and post them on your monitor or keyboard.

    17. Don't subscribe to security bulletins and mailing lists, and don't ever read information security trade magazines.

    18. Leave your servers and network equipment in a room to which everyone, including outsiders off the street, has access.

    19. Don't train your users on your security policies and what to look out for, such as unsolicited e-mail attachments and common hacker activities. Your users can't be burdened with more training.

    20. Ignore all known best practices and international information security standards from the International Standards Organization, Internet Engineering Task Force, SANS Institute and your local information security consultant, to name a few.

    And finally...

    21. Don't, under any circumstances, get upper management involved in information security initiatives. They're business-focused and shouldn't be bothered or even care about technology or the liabilities associated with their information, right?


    If you follow these practices, you'll ensure that your computer systems will be a safe haven for hackers, viruses, disgruntled employees and the like. You'll be able to go to work every day with a feeling of excitement knowing that there's a good chance your company's data will be gone when you get there. It's only a matter of time, and yes, it's really this easy.


    By KEVIN BEAVER, Source: Computerworld (April 12, 2002).

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    114
    Sounds like the college where i work
    [pong][gloworange]665[/gloworange] Next door to the [glowpurple]devil[/glowpurple][/pong]

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    293
    lol.... I actually think some admins uses this and they still get paid GOOD... scary world, lmao.
    nice post
    zion1459
    Visit: http://www.cpc-net.org
    \"Software is like sex: it\'s better when it\'s free.\" -Linus Torvalds

  4. #4
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    Don't, under any circumstances, get upper management involved in information security initiatives. They're business-focused and shouldn't be bothered or even care about technology or the liabilities associated with their information, right?
    So what happens when they won't get involved? The upper management here won't spend money to upgrade the ole 386 machines I still have to maintain. Let alone trying to get them involed in soething as "frivolus" as computer security.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    So what happens when they won't get involved? The upper management here won't spend money to upgrade the ole 386 machines I still have to maintain. Let alone trying to get them involed in soething as "frivolus" as computer security.
    A good question .

    Were I work they don't understand anything about computer security (upper management). They only sees the money and starts screem when they see the price tab from my projects, and then another question. How to convince a non technical staff that you need the right equipment and founds for it and at the same time tell that this application will not bring in money to the company ?

    - "Security is expensive and why bother when we can't make any money!"

  6. #6
    Senior Member
    Join Date
    Feb 2002
    Posts
    114
    "Security is expensive and why bother when we can't make any money!"
    Sorry but i don't agree with that statement.

    Sec can be expensive but it doesn't have to be it all depends on how the system is configured in the first place. If it aint configured well then it aint secure. If it aint secure it is gonna cost alot.

    It also depends on what systems a company is running and what the company does.

    There is two ways to start a security strategy OPTEMISTIC or PESSIMISTIC

    I am PESSIMISTIC
    In my way of thinking the top three stages of security should be

    1. Physical - Lock Servers away - only people who need access can have it
    2. User control - see what each user does and what files they need to have access to.
    3. Protect the network with firewalls and antivirus also a anonymous proxy would be a good idea.

    Anyway thats my opinion

    Damien
    [shadow]=o)[/shadow]
    [pong][gloworange]665[/gloworange] Next door to the [glowpurple]devil[/glowpurple][/pong]

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    - "Security is expensive and why bother when we can't make any money!"
    This is what our upper management thinks when they see what everything costs. They only can see graphs of income and expences. They can't imagine what a security whole can cost the company if (when) something happens. But Im sure that they know who to blame if (when) something happens .

    Sorry but i don't agree with that statement.
    Neither am I but this is the opinion in our company.

  8. #8
    Senior Member
    Join Date
    Feb 2002
    Posts
    114
    It wasn't a flame just expressing my opinion glad that you agree though.

    I was once part of a roll out team at consignia (british royal mail) and we tested there new system (database) over and over again showing all the flaws and vunerabilities the funny thing was i was only supposed to be on the phones doing cust support 'Hi ive lost my mail' calls etc.

    And i ended up testing software and crashing it repeatadly.

    More companies need to wisen up re security but they wont UNTIL its too late.
    [pong][gloworange]665[/gloworange] Next door to the [glowpurple]devil[/glowpurple][/pong]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •