Tag Archives: Passwords

10 Surefire Ways to Lose Your Sysadmin Job

I just came across an article that I wanted to discuss. The article is titled “10 security mistakes that will get you fired”, written by Roger A. Grimes. I have known too many sysadmins and IT security specialists who have committed at least one of these huge mistakes. I’ll cover the highlights here, with a link below as well.

Mistake #1 Killing Business Functionality

Although network security is job one to an IT professional, it is not to the company you are working for. Shutting down critical business information systems while trying to remediate an intrusion can land you in hot water with management. Just assume management will believe the loss of business systems outweighs the cost of ridding the system of the bad guys.

10 BYOD policy guidelines for a secure work environment

Bring your own device (BYOD) is no longer simply a buzzword or a new trend; it’s reality. And in that reality, almost half of all employees use their own devices to access corporate assets such as network drives, documents, printers, web proxies, social media sites, and personal cloud services. Malware, viruses, theft, unsecured devices, jailbroken devices, and a lack of control put corporate data, intellectual property, and client information at risk. The answer to this problem is to create, manage, and enforce BYOD policy guidelines to secure your work environment.

13 New Year’s Resolutions for Every SysAdmin

By Christina Goggi

As the year comes to an end and New Year’s Day is right around the corner, everyone starts to think about their resolutions for the New Year. Unlike those you are bound to break, like “I resolve to go to the gym every day” and “I will never order extra cheese again,” here are 13 New Year’s Resolutions that every SysAdmin should not only make, but actually keep.

1. I will finally get patch management under control.

For far too long, you have had servers you didn’t patch, workstations you couldn’t patch, and no real way to know just what the status was of any specific machine. And third-party apps? Forget about it. You don’t even want to know how many machines are running out of date Flash. Stop the madness. Make this the year you finally get patch management under control and deploy an app that can handle operating systems and third party applications, so you know everything is fully up to date.

2. I will use hard fails in my SPF records.

It’s so simple. Change one little ~ (softfail) to a - (hardfail) and you’re done. If it actually does break something… Good! No one should be sending email from your company domain that you don’t know about, so do us all a favor and make this the year you finally start to use hard fails in your SPF records.
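To make the ~all versus -all point concrete, here is an added example (not code from the GFI post) that inspects the trailing “all” mechanism of an SPF TXT record, reports what each qualifier means for mail from unlisted sources, and produces the hard-fail version of the record. The sample records use placeholder domains and documentation IP ranges and are constructed for the demo, not pulled from real DNS.

```python
import re

# Constructed sample SPF records (placeholder names, not real DNS data).
SAMPLE_RECORDS = {
    "softfail": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net ~all",
    "hardfail": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "neutral":  "v=spf1 mx ?all",
    "no_all":   "v=spf1 mx",
}

# An "all" term with an optional qualifier in front of it.
ALL_TERM = re.compile(r"^([-~?+]?)all$", re.IGNORECASE)

# What each qualifier does to mail from a sender the record does not list.
QUALIFIER_MEANING = {
    "-": "hardfail: unlisted senders are rejected",
    "~": "softfail: unlisted senders are accepted but marked, so spoofed mail still arrives",
    "?": "neutral: no assertion is made, which gives no protection",
    "+": "pass: every sender passes, so the record is useless",
}


def spf_terms(txt_record):
    """Split a TXT record into its SPF terms; raise if it is not SPF at all."""
    record = txt_record.strip().strip('"')
    if not record.lower().startswith("v=spf1"):
        raise ValueError("not an SPF record")
    return record.split()


def spf_all_qualifier(txt_record):
    """Return the qualifier of the 'all' mechanism ('-', '~', '?', '+'), or None if absent."""
    for term in spf_terms(txt_record)[1:]:
        match = ALL_TERM.match(term)
        if match:
            # RFC 7208: a mechanism without an explicit qualifier means '+'.
            return match.group(1) or "+"
    return None


def audit_spf(txt_record):
    """One-line verdict for the record's treatment of unlisted senders."""
    qualifier = spf_all_qualifier(txt_record)
    if qualifier is None:
        # No 'all' term: RFC 7208 defaults to a neutral result for unlisted senders.
        return "no 'all' mechanism: unlisted senders get an implicit neutral result"
    return QUALIFIER_MEANING[qualifier]


def to_hardfail(txt_record):
    """Return the same record with its 'all' mechanism set to '-all' (added if missing)."""
    terms = spf_terms(txt_record)
    rewritten = ["-all" if ALL_TERM.match(t) else t for t in terms]
    if not any(ALL_TERM.match(t) for t in terms):
        rewritten.append("-all")
    return " ".join(rewritten)


if __name__ == "__main__":
    for name, record in SAMPLE_RECORDS.items():
        print(f"{name:9} {record}")
        print(f"          verdict: {audit_spf(record)}")
        print(f"          hardfail: {to_hardfail(record)}")
```

Feed it the TXT record you publish for your own domain (copied from your DNS zone) and it tells you whether the record actually rejects spoofed mail or merely flags it. The resolver lookup itself is deliberately left out so the check runs offline.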

3. I will change all those passwords I haven’t changed this decade.

I have a favorite password too. I came up with it in 1997 and consider it nigh unbreakable. But I know it’s not, and you know that password that you’ve been using since a Bush was in the White House is well past its prime. Go change those passwords now – especially the ones that half a dozen ex-employees know because it doesn’t really matter how much you trust them. They don’t work here anymore and shouldn’t know service account passwords.

4. I will actually validate my backups, at least once.

We all smile and nod and say “of course you need to test backups by restoring” but let’s be honest… we never really do. Until now. 2014 will be the year that we all validate our backups by restoring data. And I don’t just mean mailbox databases and home directories. We probably have to restore those every other day. I mean the backups of SQL databases and websites and application installs and Active Directory. Go make sure you really do have valid backups you can use to restore, because otherwise 2014 may be the year your luck finally runs out.

5. I will learn PowerShell.

Whether you spend an hour a night, three lunch breaks a week, or take a five-day crash course, make this year the year you finally learn PowerShell. It’s amazing how powerful a scripting language it really is, and Microsoft is fully committed to making it the management interface for all their products. Even if you can’t code a “Hello World,” you can learn PowerShell. Go do it.

6. I will successfully test our DR plan.

Don’t just test your DR plan… successfully test every aspect of it to make sure it really works. If it doesn’t, revise it and test it again. Unless your DR plan is to update monster.com, you really need to know your plan is sound, works 100%, and you really can get everything up and running again quickly and reliably.

7. I will check every UPS, fan, filter, and cooling system.

Take the first day of the new year to walk every row of the datacenter, open every rack, shine a flashlight in, and make sure every fan is really spinning. Replace every air filter, confirm every cooling system, and test every UPS. It may take a day to do all of that, but it’s a day well worth the effort since those are the simple things that can mean the difference between a system continuing to run, and one that dies.

8. I will run monthly vulnerability assessments.

Get an app, schedule the task, run monthly vulnerability assessments against your internal and external systems, and when you find an issue, remediate it. Trust me… the bad guys are scanning you all the time. Make 2014 the year when you finally know just what it is they see, and you don’t have to worry about it, because you have already covered it.

9. I will have 100% antivirus compliance.

Like patching, this is one of those lies we tell ourselves each year. Sure, all my users are running A/V and all my servers have it too. All my exceptions are properly set up for the applications that my company depends upon, and no SysAdmin has turned off A/V because he thinks his app will run faster. No more. This is the year that everything runs antivirus 100 percent of the time, no exceptions.

10. I will better educate my users.

They are your weakest link, and your early warning system. Why do you continue to let them operate in the dark? This is the year you really can do that monthly security newsletter; those brown bag sessions on patching, and convert your users from part of the problem to part of the solution.

11. I will get more proactive.

Nobody likes those phone calls that come in at 15 minutes before quitting time. But they are not quite as bad as the ones that come in at 2:00 in the morning! If you are waiting on tickets to come in and the phone to ring to discover and fix problems, you’re doing it wrong. Get with the times. Implement monitoring on all your systems that can not only tell you when something is broken but warn you before it breaks, so you can address the issues during the regular business day, and take back your nights.

12. I will upgrade all my old Exchange 2003, and Windows 2003 systems

Take a look at that calendar, will you? 2014! Wow, how time flies. I guess I really have got a great decade’s worth of service out of those old 2003-based systems. Since everything from the server operating system to the core applications has gone through two major new releases, it’s time to take anything running a 2003 version and put it out to pasture. They’ve earned their retirement. Let them go. 2014 will be the year of the upgrade for many of you. Resolve to make it count.

13. I will upgrade all my old XP and Office 2003 users.

And speaking of legacy, XP is dead. As of April, it is no more… no more patches, no more security updates. The same goes for Office and plenty of other systems out there. The difference between 12 and 13 on this list is that 12 is the purview of the SysAdmin, who knows he or she needs to upgrade. 13 is going to involve a user who just can’t update because learning new things is hard and it still works, so why replace it. Hey, if they want to drive that ’79 Pinto with 330K miles on it, that’s their business, but they cannot run systems on your network that can no longer be maintained, and both XP and Office 2003 are going the way of the dodo come April. It’s time to pull the plug. Just make sure you give them 8.1 and Office 2013 so you don’t have to do this again for at least the next several years!

If you don’t want to resolve to give up coffee or take up running, don’t. I’m not about to tell you to do something you don’t want to do if you don’t have to do it. The resolutions above are not like that. These are all things that are good, good for you, and take less effort than the alternatives will should you choose not to do them. Getting proactive, taking care of business, and upgrading things you can no longer support will all help to protect your nights and weekends, and hey, you might even have time to hit the gym if each morning is no longer a fire drill. Have a great, happy, and safe New Year, and resolve to do right by your network and your users.

See more at: http://www.gfi.com/blog/13-new-years-resolutions-for-every-sysadmin/

10 Tips to Enforce Your Online Security

Written by David Attard

I recently wrote an article called What the Hack, in which I discussed the spate of hack attacks happening at the time. Unfortunately, not much has changed since then, and we keep on hearing of more and more password leaks, hacks, identities being stolen and loss of personal information. One of the password leaks that made headlines was the one involving the loss of millions of Adobe passwords.

BYOD: 16 Rules to Avoid “Bring Your Own Disaster” [Infographic]

Written by: Christina Goggi

Productivity is what you want in your business, and productivity increases when your employees are happy in their jobs. Giving them space and a level of freedom to use their own devices on the company network is one approach that shows trust, and that makes them happy. At the same time, you do not want that ‘freedom’ to negatively impact the hard work that went into standardizing and protecting your system.

51 Things You Need to Stop Doing Now

Written by: Christina Goggi

Here’s a list of 51 things you need to stop doing NOW. Parse this list, and if anything on it lines up with how things are done in your environment, stop it. Trust me on this. Each and every one of these things is bad, wrong, or even dangerous, and while it may seem like the simple thing to do right now, it is going to cost you much more in the long term.

1. Using default passwords

It takes 10 seconds to change the password on any device. Do it, or don’t be surprised when someone owns your access points, or your printers start to display “Insert Coins to Continue…”

2. Using password policies that are either too strong or too weak

Password length, complexity, and expiration requirements should strike a balance between security and functionality. A password that must be changed every 30 days is probably excessive, and will lead to admins ticking the box so their password never expires. Not requiring complexity makes passwords trivial to brute force or crack using simple dictionary methods. When setting the password policy for your users, you should neither assume you won’t be a target nor act as though you work for the NSA.

3. Forcing password patterns


18 Free Security Tools for SysAdmins

Here are 18 of the best free security tools for password recovery, password management, penetration testing, vulnerability scanning, steganography and secure data wiping. This list is intended to supplement the list provided on 101 Free Admin Tools. Additionally, other tools that can also be used for security purposes (e.g. file or disk level encryption) can be found on Top 20 Free Disk Tools for SysAdmins. Even if you may have heard of some of these tools before, I’m confident that you’ll find a gem or two among this list.

The Hidden Security Threat

Although not all stories in the tech press are directly related to security, they often highlight issues that can be excellent educational material. A recent story in The Register about a researcher who wanted to map the Internet caught my attention.

The researcher had a Herculean task to complete: to scan billions of IP addresses using the few computers he had at his disposal. He obviously needed help but where does one find that level of assistance? The researcher gave this some thought and decided to try and exploit insecure systems connected to the Internet. That surely would help.

Survey: 5 Most Ridiculous Things IT Admins Have Seen Business Users Do [INFOGRAPHIC]

If you work in an office, chances are you have seen a frantic IT guy or gal running around trying to put out virtual fires, and you’ve wondered what all the fuss was about. In addition to the numerous legitimate technical glitches that can come up when operating a data center, there are also lots of mind-numbing issues that IT admins run into when it comes to supporting users. GFI was curious to find out how stressed IT admins are and what causes all that tension, so we surveyed hundreds of IT admins in the U.S. and the UK. The topline results were very interesting, but it was when we dug deeper that we learned just how strange the daily user support situations really are.

Here are the top five categories for the most ridiculous things users do, as well as some odds and ends you have to read to believe . . .

The Top 89 Admin Pet Peeves

Pet peeves, annoyances, irritations, grievances, vexations… if you are an IT admin, I bet you have a few. We all do. There are just some things that can set one admin off on a wild tear, while others go on nonplussed. Here is our completely unscientific, unranked and arbitrary list of the top 89 admins’ pet peeves. Some may give you a chuckle; others may strike a sympathetic chord. Read through the list, and then leave a comment letting us know if we nailed your personal biggest hate, or missed it completely.