Summary: This article describes ten common omissions in network security settings. No matter how much effort we make, end users, and even enterprise IT departments, still overlook security omissions that are easy to correct. This article discusses 10 security omissions that can be avoided and explains how to correct them.
1: Use a weak password
For a while, some people used "password" as their password to fool hackers and other malicious parties who did everything possible to guess passwords. After all, few people would use such an obvious word as a password. Nowadays, many people realize that the security such a password provides is really fragile, but many are still willing to use simple, easy-to-guess passwords, especially in today's highly social networks. For example, someone may use an abbreviation of their name and their birth date as a password, and this information is easy to obtain through Facebook or other channels. A malicious hacker only needs to combine a small amount of information to crack the password. Even in some enterprises with strong password policies, such weak passwords still exist.
Solution: do not choose an obvious password. Mix in different kinds of characters, for example replacing the digit 1 with an exclamation point and the digit 8 with an ampersand. The more complex the password is, the less likely it is to be cracked. If you are setting a password policy for an enterprise, require multiple character sets in the password.
2: Never change the password
I have seen this too many times. Many people have not changed their passwords for years, and they also use the same password on multiple websites. This is a big security vulnerability. In enterprises, even if there is a password change policy, many employees can still find a way around it. For example, an employee in my company who had domain administrator privileges excluded his own account from the password policy. I severely criticized him and asked him to put his account back under the password policy. (Later, I felt that he should have been dismissed because he abused his rights.) Of course, the situation I mentioned may be quite special, but think about how many people use the same or similar passwords to access different websites. And when the password must be changed, how many people just change one character to meet the mandatory requirements of the password policy?
Solution: train employees and users to understand how important a strong password is and why they need to change it regularly. As part of the password policy, you can also consider using third-party software to stop users from choosing a similar password just to satisfy the policy's mandatory requirements.
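The checks described in items 1 and 2, as an added example that is not part of the original article: a password-change validator that rejects passwords built from a name or birth date and passwords that differ from the previous one by only a character or a look-alike swap. The thresholds, function names and sample values are assumptions chosen for illustration.

```python
import string

MIN_LENGTH = 12    # assumed policy value
MIN_CLASSES = 3    # assumed: of lowercase, uppercase, digit, symbol
MIN_DISTANCE = 4   # assumed: edits required between old and new password

# Undo look-alike swaps (the article's 1 -> ! and 8 -> &, plus two common ones)
# so that a swapped character does not count as a real change.
LOOKALIKES = str.maketrans({"!": "1", "&": "8", "@": "a", "$": "s"})

def normalize(pw):
    return pw.lower().translate(LOOKALIKES)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def personal_tokens(first, last, birthdate):
    """Guessable fragments from a name and an ISO birth date (YYYY-MM-DD)."""
    y, m, d = birthdate.split("-")
    return {first.lower(), last.lower(), y, m + d, d + m, d + m + y[2:], m + d + y[2:]}

def check_password_change(old, new, first, last, birthdate):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if sum(any(c in cls for c in new) for cls in classes) < MIN_CLASSES:
        problems.append("too few character sets")
    norm = normalize(new)
    if any(tok in norm for tok in personal_tokens(first, last, birthdate)):
        problems.append("contains personal information")
    # The old password is available in clear text only at change time,
    # when the user supplies it; stored hashes cannot be compared this way.
    if edit_distance(normalize(old), norm) < MIN_DISTANCE:
        problems.append("too similar to previous password")
    return problems
```

Calling `check_password_change("Harbor-Kettle-81", "Harbor-Kettle-&!", "Jordan", "Reyes", "1985-03-17")` (constructed values) reports the new password as too similar, because the look-alike swap is undone before comparison.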
3: No anti-virus software installed
This negligence is completely avoidable. If anti-virus software is not installed in your work environment, you are making a real mistake. Even if you have the best firewall, remember that security barriers come in layers. If the firewall fails to intercept malicious code, the anti-virus software becomes the final barrier on the endpoint system.
Solution: Install anti-virus software immediately.
4: Firewall is not used or the settings are not rigorous
Firewall devices should be used both at home and in enterprise IT environments. Although Windows and other operating systems now have built-in firewalls, I suggest you purchase a hardware firewall or similar device. A hardware firewall working together with a software firewall is the best security solution. In addition, if you use a firewall, you must configure it strictly.
Solution: deploy firewall hardware, whether at home or in an enterprise environment. Make sure that the firewall does not allow unnecessary data to flow into the intranet from outside.
5: Never patch the system
There is a reason why operating system developers and application developers regularly release patches. Although many upgrades or updates are designed to add new features, many others exist purely to fix security vulnerabilities in systems and software. I have seen many home computers on which users have disabled the automatic system update option. In enterprise environments, people often feel that because the network edge has a firewall, they do not need to install patches on their systems. This is not correct, because much attack code gets past the firewall and reaches the enterprise intranet.
Solution: patch the system! Enable the automatic update function of the system and software, and immediately create a patch management policy for the enterprise and implement it.
6: Insecure data storage
How much sensitive data (such as personal information and company business data) is stored on a USB flash drive? Have you ever carried a USB flash drive with sensitive information on it? I have seen many people use USB flash drives as key chains and carry them around. Sometimes the USB flash drive and the keys are left together on a dining table and forgotten.
How many people will back up their enterprise data on tape? Will these tapes be moved out of the backup location, and is this process under your control?
Unprotected data is a major security issue. Simply losing a USB flash drive, laptop, iPad, or backup tape can bring huge financial, legal, and public relations challenges.
Solution: encrypt any data saved on removable storage. Most backup software supports encryption of backup data, and tools such as BitLocker and BitLocker To Go can be used to protect laptops and USB disks. For other devices, such as iPads, you can use mobile security management software to encrypt the stored data.
7: Overly generous permissions
In an enterprise environment, permissions determine what a user can and cannot do. To let employees work smoothly, the simplest way is to grant them administrator permissions so that they can access everything on the enterprise network. However, this approach soon causes confusion. Therefore, most companies grant employees appropriate permissions through permission policies based on their job roles. Unfortunately, even with such a policy, permissions still spread. For example, when an employee is transferred from one position to another, the previous permissions are not removed.
Solution: make sure that enterprise applications have clear permission management policies. The enterprise's permission management policies and how they are implemented should be reviewed and adjusted on a regular basis to meet the enterprise's current needs. Remove unnecessary permissions in a timely manner.
8: Weak or no Wi-Fi security settings
Even though many people now know that open Wi-Fi networks pose great security risks, many families and enterprises still keep their wireless networks open and insecure. In addition, because WEP encryption was so popular, many networks still use it for encryption and authentication, but this method is not secure, and a WEP password can be cracked in four seconds. However, this is more secure than a fully open wireless network.
Solution: use WPA or the more advanced WPA2 for encryption and authentication. WPA2 is a popular wireless network security standard, and most operating systems support it. In addition, once WPA2 is adopted, set a sufficiently strong password that cannot be easily guessed or cracked; otherwise, even the best encryption standard is useless. WPA2 encryption may also be cracked, but it is much more difficult to crack WPA2 than to crack WEP or WPA.
9: Ignore simple mobile device security measures
In the next few years, mobile devices will become a paradise for hackers. The mobile devices many people carry store unencrypted personal information, which hackers can obtain in a short time. In addition, such devices are easily stolen or lost. As mentioned above, you should pay attention to the information stored on mobile devices and delete or encrypt sensitive information. However, cases of mobile devices' networking functions being used to access the enterprise network and steal information still occur.
Solution: simple as it is, requiring a password to log on when a mobile device attempts to access the enterprise network is necessary. Although this does not fully prevent mobile devices from being used to steal enterprise network data, it makes things harder for someone who happens to obtain a mobile device.
10: Never check backups
Let us assume that all the security mechanisms of an enterprise have failed. Enterprise data and networks have been severely infiltrated and damaged, and the systems and data are no longer reliable. At this point, the only thing you can do is use the backup data to restore the entire environment. However, if you encounter any of the following situations, the enterprise cannot recover:
The backup data is corrupted.
The backup tape is damaged.
Although the backup system records backup data on tape every night, no data is actually backed up.
Any one of the above is a fatal blow to enterprises.
Solution: immediately develop and implement corresponding policies and work procedures, and regularly check backup data. In addition, add a second backup system that backs up the backup data again and stores it in an isolated network environment, so that the backup data is not damaged when the enterprise network suffers a hacker attack.
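A check for the three failure situations listed in item 10, added here as an example and not part of the original article: it restores every file from a backup archive and compares it with a SHA-256 manifest recorded when the backup was taken. The tar format, the manifest layout, the function names and the sample files are assumptions; the sample data is constructed.

```python
import hashlib
import io
import tarfile

# Constructed sample source files standing in for real enterprise data.
SAMPLE_FILES = {"db/customers.csv": b"id,name\n1,alice\n", "etc/app.conf": b"mode=prod\n"}

def make_archive(files):
    """Build an uncompressed tar in memory (stands in for the nightly backup job)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def make_manifest(files):
    """Digest of every source file, recorded at backup time and stored separately."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}

def verify_backup(archive, manifest):
    """Return a list of problems; an empty list means every file restored intact."""
    try:
        with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
            restored = {m.name: tar.extractfile(m).read() for m in tar if m.isfile()}
    except (tarfile.TarError, EOFError, OSError) as exc:
        return [f"archive unreadable: {exc}"]       # damaged medium or truncated file
    if not restored:
        return ["archive contains no files"]        # job "succeeded" but wrote nothing
    problems = []
    for name, digest in sorted(manifest.items()):
        if name not in restored:
            problems.append(f"missing: {name}")
        elif hashlib.sha256(restored[name]).hexdigest() != digest:
            # tar only checksums headers, so flipped data bytes still open cleanly
            problems.append(f"corrupted: {name}")
    return problems

if __name__ == "__main__":
    manifest = make_manifest(SAMPLE_FILES)
    print(verify_backup(make_archive(SAMPLE_FILES), manifest))
```

For real backups, read each member in chunks instead of loading it into memory, and keep the manifest somewhere the backup job cannot overwrite.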