Threats

When most people think of computer security threats, they think of viruses, malware, hackers, financial phishing, etc. While these are all true, in order to succeed, a threat must go hand in hand with a flaw in your system. Generally, the threats are not under your control and instead you must concentrate on managing vulnerabilities.

The list of vulnerabilities is constantly changing and the list below is certainly not exhaustive.

• Unpatched OS vulnerabilities
• Improper hardening against Virus/Malware infections
• Introduction of untrusted/unprotected transient machines onto the corporate LAN (laptops/PDAs)
• Improper seperation of corporate networks (DMZ/Red/Green/Blue)
• Improper user training against phishing attacks
• Inadequate monitoring for application vulnerabilities
• Inadequate password policies
• Lack of proper data backups
• Inadequate disaster recovery procedures and training
• Lack of training
• Internal threats and Misuse
• Lack of logging and reviews
• Inadequate firewall policy
• Lack of Intrusion Detection System
• lack of audits, periodic scans, and in particular a lack of emphasis on security as a corporate goal

It is my job to help you understand and counter all of these threats.

---

Copyright © 2006, Gary Huntress All rights reserved. Terms of Use. Privacy Policy.
This web site is maintained by Gary Huntress. Last modified: 5 January, 2007.