|10-22-2012 01:58 PM|
Interesting thoughts, Marfig!
I personally agree that we have been patching the old tech for far too long. IPv4 and SSL are perfect examples.
But what amazes me is how WELL some of the old security protocols still hold up, like SSH and Kerberos. The majority of security holes are created by people assuming that things set up in a default install ARE secure...and not knowing differently to fix it.
I really can't believe I'm saying this, but one of the BEST things a small office can do is to buy Microsoft Small Business Server, and initialize ActiveDirectory. There will be a write-up of AD coming soon, but it's one of the most powerful tools you can use to control your network.
|10-22-2012 06:05 AM|
The biggest problem with small businesses approach to security is the lack of technical know-how. Big corporations tend to hire the best professionals on the field. And tend to hire them in good enough numbers so that all collaborate towards the same goal. Small businesses however can usually only afford to hire professionals with limited resumes. This when they actually hire anyone with the IT acronym somewhere in their resume. Often it ends up being instead the tech savy guy in the office that does it. Other times, they simply go for small companies providing some manner of IT services, with questionable maintenance contracts and even more questionable quality of service.
Seems contradictory that the smaller you are, in terms of computer infrastructure, the more likely you are to be less secure. And it is contradictory, in fact. In a technical perspective this doesn't make sense. After all, it's exactly the complexity of your networking services that increase the complexity of the security requirements.
What this goes to show is that we are in desperate need of some sort of technological jump. The things that can be done today with a computer and a cable are simply awesome. We can sell stuff to people on the other side of the planet, we can communicate over text, voice and video. We can track information in real time. We can remotely store information at a fraction of the cost it would take to store it locally. We can guarantee data isn't going to ever be lost (short of a global society breakdown event). However we are doing it still on top of very old communication protocols which offer little to no defense against intrusion, theft, or corruption. As we keep adding layers over layers of innovation to how we use these communication protocols, we will in fact increase the paradox described in this article for the simple reason that the defensive mechanisms become increasingly more complex and, above all, more expensive.
What has actually evolved over the years is how we use old communication protocols. The protocols themselves have evolved little. Like with cars, we have been building better, faster and feature richer cars, but they all still run on the same highly inefficient combustion engines of over a century ago. Granted some sort of positive changes have been happening to TCP/IP for instance (engines are better today too than they were 30 years ago). But in no way this progress constitute a technological advancement the likes of which could change the current IT security landscape.
We need new technology, not stretching old technology until one day it finally breaks.
Of course, easier said than done. The problem is not coming up with higher security protocols nearly impossible to fool with. They exist. The problem is shifting an entire global infrastructure to these new protocols. We moved to fast and before we noticed we had an entire world built of straw houses. People are living in them and it's very complicated now to just build brick houses for everyone.
It's a sad state of affairs. But one that no one can really be blamed. It's just how it happened and it was inevitable. The 8th security F-Up small offices make is trying to use the internet to provide or access services they don't have the ability to secure.
|10-21-2012 09:05 PM|
This has proven to be our most popular article in a good while, and there's just ONE comment? Sheesh!
|10-19-2012 01:22 AM|
|DarkStarr||Yea WPS sucks. It was the first thing I disabled on my router. Also not running the default info is obvious (IMO) I did however on this lame switch/router that claimed to have a dumb switch mode but it never worked right. So much easier with a true switch running gigabit to the gigabit router|
|10-18-2012 10:50 PM|
SysAdmin Corner: 7 Network Security F-Ups Small Offices Make
It's easy to overlook that huge corporations are far less dangerous than the small business you deal with each and every day with regards to information theft. Some institutions have treasure troves of information on you that can far exceed the "big fish". If you work in a SMB, you can't afford to have your info stolen, so read on for some important tips.
Is your office secure? Is it really? Find out for sure by reading through Brett's in-depth look at common mistakes made in small and medium businesses all over, and then discuss it here.
Have other tips and suggestions? We'd love to hear them!