LinuxSecurity.com Contributors
Posted By: Benjamin D. Thomas
11/28/2003
This week, advisories were released for BIND, Ethereal, Glibc, Libnids, phpSysInfo, Stunnel, EPIC, iproute, Pan, and XFree86. The distributors include Guardian Digital's EnGarde Linux, Gentoo, Mandrake, and Red Hat.
Business and IT centers today are controlled by the growth of the Internet. In just ten years, technology has changed so rapidly that the old rules no longer apply. Today, businesses are forced to comply with the momentum of the Internet, or face extinction. Change is always difficult, but now more than ever it is necessary. With every change in business, security must constantly be re-evaluated.
In a typical corporate IT environment, new business requirements arise each day. The application development team is constantly being asked to add new features to software, the networking team is increasingly being asked to provide access anywhere, anytime, and managers have the opinion, "make it work now, and no, you can't have a budget." Well, it's usually not that bad, but you get the idea. Everyone is being stretched to the limit and it puts a great strain on the organization. In the middle of adding more features, access points, and bandwidth, security is often forgotten. That's okay, isn't it? "We'll just add security later once we get the system working."
That is exactly the problem all of us have today when working in security. It is typical to receive a memo at the end of the day stating that ten new servers are going to be deployed tomorrow morning, then at the end it asks, "Is this ok with security?" Of course not! The typical problem that we all face does not have to do with technology; it is simply a people problem. Unfortunately, attitudes can't be changed overnight. Sometimes, they may not be able to be changed for years. The only way to address this is through a security awareness program. The smaller the organization, the easier it should be. People must be reminded daily that security is important to the organization, and is a high priority. The quickest way to get results is to get top management on board. If you see that key management figures are unwilling to comply, and the organization is large enough, total security awareness may be an impossible task.
Security is everyone's problem. One administrator simply patching a server each week is a good start, but it shouldn't stop there. Having adequate business security depends on many. Often, it is your job to let those people know. I realize that this task is harder than it sounds, but hopefully I've given you some inspiration to begin getting others on board. Don't face the fire alone!
Copyright 2004, Security Trends, all rights reserved worldwide