Courtesy - Charlotte Erdmann
There are plenty of theories about IT security, but there aren't enough hours in the day to sift through and find the truth. Worse, the world is rife with IT security misconceptions. I want to take a few minutes to sort through them, so you can know which apply to your business.
Myth 1: More security is better.
False. Many IT personnel still believe there can never be too much security. However, security applications tend to eat up money and resources. Studies show that security measures should be deployed in a more targeted way, giving an organization's main targets of attack additional protection, to maximize efficiency and savings.
Myth 2: Extra bandwidth prevents DDoS attacks.
False. Distributed denial-of-service (DDoS) attacks are the worst-case scenario for every IT manager. Now, it's evident that DDoS attacks affect solution stacks just as often as they do bandwidth. In fact, the 2011 Global Radware Application & Network Security Report shows that small, intense attacks can do more damage. In this case, the greater bandwidth actually helps attacks to be carried out even more quickly. The best solution for effective DDoS protection is therefore to position protective measures after the provider's core routers.
Myth 3: A firewall can protect a network.
Half true. Many IT engineers still believe that a properly configured firewall is enough to protect a network, keeping out all malware. Given time, though, attackers can even overcome good firewalls. Most attacks can at most be contained but not completely blocked.
Myth 4: We'll never be attacked.
Very false. Small companies in particular often think they're not worth attacking. Unfortunately, attacks on small and midsized businesses (SMBs) are on the rise.
Myth 5: Viruses are always noticed.
False. Many users believe that a virus is like a cold -- you're bound to know if your computer's been infected. In reality, viruses on PCs and networks can only be detected by the latest antivirus software, so these apps should be considered an end-point security basic.
Myth 6: The crowd knows what's what.
False. "If a friend warns me about a virus, it must be real." It's a tempting thought. But this assumption can quickly turn a hoax into a constant distraction for the IT department. Users, therefore, need to stay savvy and vet what they hear carefully.
Myth 7: SSL ensures secure traffic.
This used to be true; now it's false. Whereas at the start of the millennium the SSL protocol was hardly ever attacked due to its encryption, this is now changing, as demonstrated by a number of examples. New encryption technologies are required to keep traffic genuinely secure.
Myth 8: Old software is as safe as new software.
False. "Never touch a running system" is still the watchword in many companies. As far as security goes, however, this assumption is flawed. Updates should be installed to close potential loopholes.
Myth 9: Users should regularly change their passwords.
True, with a caveat. A password that is always changing does, of course, present an obstacle to any attacker, but many users forget their new passwords at some point, which means additional work for the IT administrator in return for just a little more security. Although regularly altering passwords is essential in high-security environments, it's enough for other organizations to get their staff to set new passwords every three months.
Myth 10: BYOD is a security hazard.
True. IT departments regard employees using their own mobile devices as a high security risk. Often, they forget that people still use their personal devices or transfer data between company and home computers. IT must therefore get used to BYOD and have the necessary security precautions in place.
When it comes to IT security, truth is fluid and seems to be always changing. IT professionals need to toss out their rigid notions of risk and security, and work to stay up to date. Let us know the myths that you are busting in your organization or any forever truths that you have discovered.
nice blog.