Latest Forum Posts

Latest News Posts
Coming Soon!
Social
Go Back   Techgage.com > Archives > Reviews and Articles

Reviews and Articles Discussion for Techgage content is located here. Only staff can create topics, but everyone is welcome to post.

Reply
 
Thread Tools
Old 10-18-2012, 11:50 PM   #1
Rob Williams
Editor-in-Chief
 
Rob Williams's Avatar
 
Join Date: Jan 2005
Location: Atlantic Canada
Posts: 13,353
Default SysAdmin Corner: 7 Network Security F-Ups Small Offices Make

It's easy to overlook that huge corporations are far less dangerous than the small business you deal with each and every day with regards to information theft. Some institutions have treasure troves of information on you that can far exceed the "big fish". If you work in a SMB, you can't afford to have your info stolen, so read on for some important tips.

Is your office secure? Is it really? Find out for sure by reading through Brett's in-depth look at common mistakes made in small and medium businesses all over, and then discuss it here.

Have other tips and suggestions? We'd love to hear them!
__________________
Intel Core i7-3960X, GIGABYTE G1.Assassin 2, Kingston 16GB DDR3-2133, NVIDIA GeForce GTX 770 2GB
Kingston HyperX 3K 240GB SSD (OS, Apps), WD VR 1TB (Games), Corsair 1000HX, Corsair H70 Cooler
Corsair 800D, Dell 2408WFP 24", ASUS Xonar Essence STX, Gentoo (KDE 4.11. 3.12 Kernel)

"Take care to get what you like, or you will be forced to like what you get!" - H.P. Baxxter
<Toad772> I don't always drink alcohol, but when I do, I take it too far.


Rob Williams is offline   Reply With Quote
Old 10-19-2012, 02:22 AM   #2
DarkStarr
Tech Monkey
 
DarkStarr's Avatar
 
Join Date: Apr 2010
Posts: 634
Default

Yea WPS sucks. It was the first thing I disabled on my router. Also not running the default info is obvious (IMO) I did however on this lame switch/router that claimed to have a dumb switch mode but it never worked right. So much easier with a true switch running gigabit to the gigabit router
__________________
Intel Core i7 2700k (4.8 @ 100x48) Watercooled - 16GB Crucial Ballistix @ 1600 Mhz 9.9.9.24 2T
8GB
Corsair Vengeance @ 1600 Mhz 9.9.9.24 2T - Asus Sabertooth P67
- Asus Radeon 7970 Ref. (Non Ghz)
Heatkiller 79xx Ni-Bl (Soon) @ 1050/1500
- 64Gb Crucial M4 SSD - 3x Hitachi 1Tb - Corsair TX950W
Azza Genesis 9000B - 2x Samsung SyncMaster S27A550H - Vizio 32" LCD

DarkStarr is offline   Reply With Quote
Old 10-21-2012, 10:05 PM   #3
Rob Williams
Editor-in-Chief
 
Rob Williams's Avatar
 
Join Date: Jan 2005
Location: Atlantic Canada
Posts: 13,353
Default

This has proven to be our most popular article in a good while, and there's just ONE comment? Sheesh!

Quote:
Originally Posted by DarkStarr View Post
Yea WPS sucks. It was the first thing I disabled on my router. Also not running the default info is obvious (IMO) I did however on this lame switch/router that claimed to have a dumb switch mode but it never worked right. So much easier with a true switch running gigabit to the gigabit router
I agree, but not everyone has the ability to keep plugged in all the time ;-)
__________________
Intel Core i7-3960X, GIGABYTE G1.Assassin 2, Kingston 16GB DDR3-2133, NVIDIA GeForce GTX 770 2GB
Kingston HyperX 3K 240GB SSD (OS, Apps), WD VR 1TB (Games), Corsair 1000HX, Corsair H70 Cooler
Corsair 800D, Dell 2408WFP 24", ASUS Xonar Essence STX, Gentoo (KDE 4.11. 3.12 Kernel)

"Take care to get what you like, or you will be forced to like what you get!" - H.P. Baxxter
<Toad772> I don't always drink alcohol, but when I do, I take it too far.


Rob Williams is offline   Reply With Quote
Old 10-22-2012, 07:05 AM   #4
marfig
No ROM battery
 
marfig's Avatar
 
Join Date: May 2011
Posts: 784
Default

Quote:
Originally Posted by Rob Williams View Post
This has proven to be our most popular article in a good while, and there's just ONE comment? Sheesh!
The problem it's so well written and so final in the way it covers the topic (that is, considering is describes 7 common mistakes) that there is little else that can be said

The biggest problem with small businesses approach to security is the lack of technical know-how. Big corporations tend to hire the best professionals on the field. And tend to hire them in good enough numbers so that all collaborate towards the same goal. Small businesses however can usually only afford to hire professionals with limited resumes. This when they actually hire anyone with the IT acronym somewhere in their resume. Often it ends up being instead the tech savy guy in the office that does it. Other times, they simply go for small companies providing some manner of IT services, with questionable maintenance contracts and even more questionable quality of service.

Seems contradictory that the smaller you are, in terms of computer infrastructure, the more likely you are to be less secure. And it is contradictory, in fact. In a technical perspective this doesn't make sense. After all, it's exactly the complexity of your networking services that increase the complexity of the security requirements.

What this goes to show is that we are in desperate need of some sort of technological jump. The things that can be done today with a computer and a cable are simply awesome. We can sell stuff to people on the other side of the planet, we can communicate over text, voice and video. We can track information in real time. We can remotely store information at a fraction of the cost it would take to store it locally. We can guarantee data isn't going to ever be lost (short of a global society breakdown event). However we are doing it still on top of very old communication protocols which offer little to no defense against intrusion, theft, or corruption. As we keep adding layers over layers of innovation to how we use these communication protocols, we will in fact increase the paradox described in this article for the simple reason that the defensive mechanisms become increasingly more complex and, above all, more expensive.

What has actually evolved over the years is how we use old communication protocols. The protocols themselves have evolved little. Like with cars, we have been building better, faster and feature richer cars, but they all still run on the same highly inefficient combustion engines of over a century ago. Granted some sort of positive changes have been happening to TCP/IP for instance (engines are better today too than they were 30 years ago). But in no way this progress constitute a technological advancement the likes of which could change the current IT security landscape.

We need new technology, not stretching old technology until one day it finally breaks.

Of course, easier said than done. The problem is not coming up with higher security protocols nearly impossible to fool with. They exist. The problem is shifting an entire global infrastructure to these new protocols. We moved to fast and before we noticed we had an entire world built of straw houses. People are living in them and it's very complicated now to just build brick houses for everyone.

It's a sad state of affairs. But one that no one can really be blamed. It's just how it happened and it was inevitable. The 8th security F-Up small offices make is trying to use the internet to provide or access services they don't have the ability to secure.
__________________
NOX COOLBAY Side Window Black; NOX Apex 600w Modular; ASUS P7P55D-E Socket 1156, Sata 6Gb/s & USB 3.0;
Intel Quad Core i5 760 2.80 Ghz @ 3.60 Ghz, 8 Mb de cache; Gskill Ripjaws 4 Gb DDR3 1600 Mhz CL8 Dual Channel;
ASUS GEFORCE GTX 560 TI DC II 1024MB GDDR5; Samsung 1 Tb 32 Mb SpinPoint F3; NEC 24x Sata black
Artic Cooling Freezer 7 Pro Rev.2;
2x Samsung SyncMaster S43NW 8000:1 (1440x900)
Logitech K120 Keyboard and Logitech Performance Mouse MX

Last edited by marfig; 10-22-2012 at 07:24 AM.
marfig is offline   Reply With Quote
Old 10-22-2012, 02:58 PM   #5
Brett Thomas
Senior Editor
 
Join Date: Apr 2009
Posts: 164
Default

Interesting thoughts, Marfig!

I personally agree that we have been patching the old tech for far too long. IPv4 and SSL are perfect examples.

But what amazes me is how WELL some of the old security protocols still hold up, like SSH and Kerberos. The majority of security holes are created by people assuming that things set up in a default install ARE secure...and not knowing differently to fix it.

I really can't believe I'm saying this, but one of the BEST things a small office can do is to buy Microsoft Small Business Server, and initialize ActiveDirectory. There will be a write-up of AD coming soon, but it's one of the most powerful tools you can use to control your network.
Brett Thomas is offline   Reply With Quote
Reply

Tags
None

Thread Tools

Posting Rules
You may not post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SysAdmin Corner: Demystifying RAID Rob Williams Reviews and Articles 12 09-27-2012 02:33 PM
How to Make Your Own Cat5e Network Cable Rob Williams Reviews and Articles 8 08-15-2012 04:40 PM
Zune 2 Just Around the Corner? Rob Williams General Hardware 6 11-27-2007 04:57 PM


All times are GMT -4. The time now is 08:50 PM.