10 Costly Security Errors System Administrators Make

System Administrators Mistakes

Over time, technology has become the foundation of productivity for every company, regardless of industry. And the use of technology cuts across all aspects of business—internal, external, communication, production, marketing and more. As a result, companies depend on the information technology (IT) department to keep their systems working efficiently and reliably. This places huge demands on the system administrator or IT staff. 

Thousands of IT Pros get helpful tips, articles and updates on new tools, podcasts, blogs and whatever else is of interest every week - read it on our blog & subscribe to IT Pro Tuesday (or check out IT Pro Tuesday on Reddit).

System administrators are the tech experts saddled with the responsibility of making computers work optimally for their companies. They must keep the company's systems online so all essential functions can be performed uninterrupted. The sysadmin’s understanding of security loopholes and their ability to solve problems in the systems they manage is a vital asset for any organization. However, sysadmins often make mistakes that can be detrimental to the security of a company, and many of those are avoidable by following some good practices.

As system administrators or IT staff, you need to maintain uncompromised control, management and protection of the network. Your company's critical operations are accessible through and reliant on it. And it is the primary means through which the majority of business transactions are carried out each day. You need to provide a trusted environment—one in which employees are comfortable that communications will not be tampered with and potential customers can feel safe making purchases—and that means creating an SSL certificate. The SSL environment provides a foundation of trust by ensuring that each connection is secured.

Unfortunately, mistakes of sysadmins or IT staff can result in system problems and security threats. Just remember: to err is human, and mistakes can sometimes result from factors that aren't obvious at first glance. The responsibility of protecting the network, combined with the complexity of the work and pressure from users, creates unexpected challenges. And sometimes those challenges get the best of us, leading to mistakes we would not have otherwise made. Keep this in mind whenever you are the new sysadmin taking over at an existing company. Complaining about the previous sysadmin and the work they performed is a bad idea. Don't go into the break room and gripe to your new coworkers, "What was this guy doing all day? I don't think he did a single thing right!" That former sysadmin worked alongside these people, and some may have liked him or be his friend still. You will have to work with these people, so if they think all you're interested in doing is bashing the last guy, you may find them quite unhelpful when you need cooperation down the road. 

Don't do too much too quickly. Instead of deciding to change the entire company’s domain structure on the first day, take a few days to go around and introduce yourself to everyone—or at least the other department heads. Find out what they do and how they do it, and ask if there are any features they'd want that would make their work easier. It's always better to understand what's working and not working BEFORE you start making changes.

Don't assume because it wasn't done the way you would've done it that it was done incorrectly. Imagine you are in the data center and wondering to yourself "Why would they have set this switch port to 10M?" There is a reason you may not find out for years... but at one time, with one specific problem, that was the fix. If you set it back to Auto now, it may disrupt the entire company! The point here is, the fact that you didn't do it may not make it wrong. In fact, it may have been the only way to get something done after all other options had been ruled out.

Don't be the IT stereotype! Go to lunch and talk with your "users." Your job will be easier if they see you as approachable, and that means they will tell you when something is wrong instead of letting you find out the hard way. In addition, when you need something, your coworkers will be easier to work with if they know a little more about you.

And it's always wise to stay humble. It is not just end-users that make mistakes and have bad habits. IT administrators do too, from poor user account management to juggling one or two passwords for multiple accounts. So avoid the temptation to be condescending when users do things that seem foolish—there really is no benefit and it can create problems. It's fine to explain why they shouldn't do whatever it is they did wrong, but be respectful about it.

The Top 10 Mistakes System Administrators Make

Let's take a close look at the 10 biggest mistakes IT administrators make, why they happen and how they can be fixed. All of these errors are likely to be risky, and it is important for sysadmins and IT staff members to understand why.

1. Making changes without testing

Before any changes are implemented, they should first be subjected to thorough and meticulous testing. Data loss prevention (DLP) should be considered—this is a set of tools and processes that ensure sensitive data cannot be lost and that control endpoint activities so you can restore files in case a disaster occurs. Check all hardware to make sure it works before you deploy it. Make sure you have sufficient documentation and that it is updated to reflect each change. Test everything from patches to backups, and always have a backup plan in case disaster strikes.

2. Being slack about patches

Many servers have been compromised because of a long-uninstalled patch. It is important to install security updates (DLP, TLS, SSL) as soon as they are available, but applying an untested patch could potentially cause mission-critical applications to malfunction or create other unforeseen damage. Therefore, it is safer to first build a test environment where you can safely see the result before applying a patch. And don't forget about updating your firmware! Patching processes are necessary to mitigate network threats, but as a basic starting point organizations must protect themselves from email-delivered security threats that subsequently allow network threats to succeed.

3. Configuring an open relay

Configuring an open relay that allows users to send emails to absolutely everyone is a ticking time bomb. Cybercriminals use such servers to send targeted email designed to trick recipients into taking actions that will allow the attackers to gain access. Once your server is flagged as being a source of such messages, it will end up on every blacklist on the planet.

4. Enabling anonymous FTP uploads and TLS

File Transfer Protocol (FTP) is a TCP protocol used for downloading files between different computers. Enabling FTP uploads can overwrite important files and use up your disk or traffic allocation. To prevent user credentials and data from being intercepted in transit, you can activate the anonymous FTP upload with the default user account as anonymous or FTP and the email address as the password.

5. Using dictionary passwords

Cybercriminals use dictionary attacks to break into password-protected servers by systemically entering every word in the dictionary until they find the correct password. This approach can also be used in an attempt to find the key necessary to decrypt an encrypted document. This can be prevented by limiting the number of attempts allowed within a given period of time and by wisely choosing passwords that would not be found in any dictionary.

6. Not changing passwords

Users have a way of getting around security controls. For example, when forced to create complex passwords, users tend to write them down so they don't risk forgetting them. Sysadmins often set up servers with weak administrator passwords or with the same passwords as other machines on the network. Such real-world considerations mean a good password policy will balance security with convenience and usability. Enabling passphrases is a good option to strengthen security and improve user experience.

7. Deploying open Wi-Fi networks

An open Wi-Fi network is an unsecured wireless network where the user does not need a security code to gain access. Utilizing an open Wi-Fi network makes the network and your data defenseless and accessible to external attacks. Therefore, the Wi-Fi protected access protocol must be in place and the use of TLS must be adopted to ensure data is protected. The secure socket layer (SSL) can also be used to keep information transfer between the web browser and the server private.

8. Permitting unrestricted zone transfers

Sysadmins or IT staff should not permit zone transfers to any IP address from the internet, since zone files contain complete information about the domain name and IP addresses configured on the target name server. Information acquired from zones can be useful for an attacker to implement various exploits against a company, like targeting test or development servers that are usually less secure.

9. Implementing host files but not fixing DNS

Fixing DNS is very important and should be addressed before implementing the host file. DNS issues will create web surfing problems.

10. Running unverified downloads

It is a big risk to run unverified downloads, especially if the download might have resulted from a phishing email. Further, always be sure to check that your file has downloaded properly before running it.

Have you been guilty of making any of these mistakes? You might want to check out our sysadmin resource IT Pro Tuesday for more ideas on how to do your job better. You can also run a free phishing simulation to find out the accurate statistics on your organization's vulnerability to phishing attacks. And what about your human firewall - is it enabled? 

IT Pro title: 
The Top 10 Mistakes System Administrators Make