There are many tasks and responsibilities of the (lone) IT sysadmin, they are sometimes varied, sometimes monotonous. We know what they are without thinking about them, as if they are unwritten commandments, specific to the IT world.
Security has featured greatly in the world news over the past few years, and even more so within the IT circles. We have the aspects of social responsibility, who is watching the watchers, how should they be held to account (NSA, GCHQ). We have the more particular stories, such as Heartbleed, and the “simplicity” of gaining information from a system.
Sitting down and reading about the recently highlighted issue surrounding a fake Trojan copy of the popular terminal tool, PuTTY, I realized that over all, we spend a great deal thinking about security within IT systems. But sometimes we don’t think about security in the actions we take, or we forget to think about them.
Who has since checked their copy of PuTTY? I know that I did, as I realized that actions would need to be taken if found to be the Trojan copy. But I know others out there would have read the articles, moved on, not bothered to check. Sometimes, there is a disconnection between the active health of the security of our systems. This can be down to many reasons; usually it comes back to the lack of time, or the inability to implement the suitable system necessary for the company (Cost, lack of investment). However I want this article to remind the sysadmin to check on the basic things;
- Is AV setup on all devices its needed on
- Is there a password policy in place (complexity, time period of use)
- Who are local admins of their own machines
- Has the AV software been updated
- Has the Anti-Spam software been updated
Since starting this article, another security breach has hit the headlines, with LastPass becoming the latest company in a long line, which has been targeted. So now is your opportunity to review your current security practices and also start thinking about what you need to do in the future. For me, I’ve started to move away from deploying just firewalls for businesses, with access line restrictions, now the focus is on proactively monitoring the network traffic, and devices that are able to perform application layer inspection.
We have long seen the days gone by where simple access rules could stop your data been stolen. The code out there is more malicious and more active than every before, it knows how to replicate itself better, how to keep inactive clones of itself, and worse, it can learn how it was detected the first time, to avoid detection the next time. So now more than ever, its important to beef up your security.
That’s it from me, it was just a reminder to double check your systems.