I perform audits around the U.S. and there are three problems that commonly show up at the top of the “danger” list. There is a good chance that your organization has these problems too. Not only are they the three most prevalent dangers, it is self-evident that attackers look for common weak spots. Here are the three common problems:
- Attackers find vulnerabilities in applications. Common targets include Adobe Reader, Flash, and Java. Keep these and all of your applications patched and upgraded to the most recent version.
- Operating system patches and upgrades. And, thank goodness, there is a control that can help make up for the top two; but please take care of the top two! The tool is a different kind of firewall called a client firewall. An example is described here:
- Improper use of user login accounts. Chances are that you have user accounts that provide significantly too much security access to the user. And some of those same accounts probably have jokingly weak passwords. In fact, there’s a good chance there are even accounts for people who are no longer with your organization—and the accounts have the same old passwords.
Keep your eyes peeled for more information on remedying these important problems soon.
Please post your comments on this blog.