03 Apr 2002
Commitment to specialist training is failing to keep up with security hardware investment, leaving key devices improperly configured and enterprises open to attack.
A report from consultant NTA Monitor, collated over four years of penetration testing with blue-chip enterprise clients, showed that little progress had been made in addressing basic issues, such as router configuration, which accounted for the highest percentage of vulnerabilities.
The most common, found in 82 per cent of tests last year, was that boxes had not been configured to reject ICMP requests such as ping, which can reveal basic address details of the targeted router.
DNS vulnerabilities decreased, but were still detected in 79 per cent of tests. Servers that permitted block zone transfers remained common, meaning hackers could download all DNS data from a single server in one attempt.
There is a correlation between the increase in concern about securing the enterprise and the rise in vulnerabilities. While companies invest in protecting their business processes, they are not allocating enough resources to address the true problems.
Many of these security problems can easily be addressed. The report showed many network managers fail to apply patches, or properly configure hardware and software. It said the sophistication of security technologies makes it difficult for network administrators to keep up to date.
A wide range of specialist courses are now available, but finding the time to send key personnel away from busy IT departments is a challenge.
Peter Bury, who teaches security and networking courses at ISS, said a lack of experienced staff in the security market means some attendees were on call during courses. "Some had to return to work during lunch to deal with IT fire-fighting."
Security devices are meaningless and dangerous without the knowledge to configure them to protect the network. Iain Rusling, security analyst at building society Nationwide, said training had filled basic gaps in his knowledge. "I learned about networks and security on the job, and the training gave a better all-round understanding of how the two are linked," said Rusling.