10 Costly Security Inaccuracies System Administrators Make

System Administrators Mistakes

Over time technology has risen to the horizon of being the bedrock of every business across every industry and development. The use of technology cut across every aspect of business which includes internal, external, communication, production, and marketing. The industry depends largely on information technology (IT) to render a matchless and Optimal performance which requires and demands huge effort and applications of a system administrator or IT staff. 

Thousands of IT Pros read tips, articles, updates on new tools, podcasts, blogs and whatever else that is released every week - check & subscribe to IT Pro Tuesday(or check IT Pro Tuesday on Reddit).

The system administrators are experts saddled with the responsibility of making computers work in the industry and other business organizations. They are likewise in charge of the uninterrupted operation of the computers in taking care of the business needs. The system administrator’s cognition on system security loopholes and their impact of signals in the business they are managing is an appropriate asset for any organization. In their line of duty, the system administrators often make some mistakes that can be detrimental to the security system of a company.

As system administrators or IT staff, you have to control, manage, and protect the network without any trace of inaccuracy. This is because the network is a medium through which the most important components of online businesses are created. It is also a major platform through which business transactions are been carried out daily. Due to the important role played by the network, a trusted environment where promising customers feel assured and satisfied in making purchases by creating an SSL certificate is needed. This trusted environment enables a foundation of trust, establish a secure connection, and assure visitors’ connection is also secured. Note that any inaccurate operation and application from the system administrators or IT staff could result in network threats. Since to err Is man, and mistakes are often made by the system administrators or IT staff due to some unconsidered factors. The factors apply only to new System administrators taking over the role at an existing company.

Talking badly about the previous system administrators and the work they performed. For example, saying in the lounge to other co-workers "What was this guy doing all day, I don't think he did anything correctly". That former System Administrator was a co-worker with these people, some may have liked him or be his friend still, you will have to work with these people and if they think all you are interested in doing is bashing the former guy you might be in for a rude awakening. 

Don't do too much too quickly! Instead of deciding to change the entire company’s domain structure on the first day take a few days to go around and introduce yourself to everyone or at least the other department heads. Find out what they do and how they do it, find out if there are any features that they want that can make their work-life easier. 

Don't assume because it wasn't done the way you would've done it that it was done incorrectly. So you are in the data center and are wondering to yourself "Why would they have set this switch port to 10M?".

There is a reason, you may not find out for years...but at one time with one specific problem that was the fix, you set it back to Auto may disrupt the entire company for all you know. The point here is, the fact that you didn't do it may not make it wrong, in fact, it may be the only way because all other resources were exhausted.

Don't be the IT stereotype! Go to lunch and talk with these "users." Your job will be easier if they think you are approachable and they will tell you when something is wrong instead of doing nothing.  Also when you need something your co-workers will be easier to work with if they know a little more about you.

It is not just end-users that have bad habits. IT administrators have them, too, from poor user account management to juggling one or two passwords for multiple accounts.

We will take a close look at the biggest mistakes IT administrators make, why they happen and how they can be fixed. Mistakes, we all make them. Even the administration department and production department that works to keep the organization running smoothly. The responsibility of protecting the network, combined with the complexity of the work, and pressure from users, brings forth unexpected challenges. Sometimes such challenges get the best of us, leading to mistakes we would not have otherwise made. Sometimes regular employees are the main problem of breaches due to lack of security awareness. All these 10 inaccuracies are likely to be risky and it is important to make known these costly inaccuracies to the system administrators or IT staff:

1. Making changes without testing

Changes should first be subjected to thorough and meticulous experimentation. That is before any changes can make it is advisable to test them so as not to end up in a disaster. Data loss prevention (DLP) processes should be considered. Data loss prevention (DLP) is a set of tools and processes used to ensure that the sensitive data is not lost and to control the endpoint activities so as to regain the files back in case a disaster occurs, not creating any forms of documentation, new documentation, change documentation, process documentation I.e not testing anything: applying certain updates straight into the live systems, implementing any change without knowing possible outcomes, changing hardware without checking it works is very risky. The quickest way to land in hot water is by implementing a change without knowing the possible outcomes. Test everything from patches to backups, and always have a backup plan in case disaster strikes.

2. Being slack about patches

It is preventive and safer to first consider building a test environment by installing security updates (DLP, TLS, SSL) as soon as they are available before applying the patch. Too many servers can be compromised because of a longtime uninstalled patch. Applying the untested patch is not safer and could eventually cause a network threat whereby attackers start compromising the box. Instantly, test patches as they create a schedule for rolling out the operation. Patching processes are required to mitigate network threat, as a basic starting point organization need to protect themselves especially from email-delivered security threats that subsequently enable network threats to be successful.

3. Configuring an open relay

Configuring an open relay to restrict users from sending emails to anyone could lead to having your mail servers on every block list on the planet, more than 45% of a massage requires some form of user interaction, suggesting that user targeted email, designed to trick users, Is a primary tactic used by attacker to establish their access.

4. Enabling anonymous FTP uploads and TLS

File Transfer Protocol (FTP) is a TCP protocol used for downloading files between different computers. Opening FTP uploads possibly overwrite other files of importance and which also lead to erasing of your files. Also, the disk and traffic allocation can be used up. To forestall the interception of user credentials and data transfer, the anonymous FTP upload where the default user account appears as anonymous or FTP and email address as the password can be activated.

5. Using dictionary passwords

Antagonist users used a dictionary attack to break into a password-protected server by systemically entering every word in a dictionary as a password, can also be used in an attempt to the key necessary to decrypt an encrypted document. This can be prevented by limiting the number of attempts allowed within a given period of time, and by wisely choosing the password of the key

6. Not changing passwords

The room must not be left for security breaches. Many a time, servers are set up with weak administrators password or with the same passwords as other machines on the network. Users have a way of getting around security controls. For example, when forced to create complex passwords, users will write them down to save them the memorization trouble. To solve the password changing issue, a good password policy that will balance security with convenience and usability should be used. Enabling passphrases can strengthen security and improve user experience.

7. Deploying open Wi-Fi networks

An open Wi-Fi network is an unsecured wireless network where the user does not require a security code before use. Utilizing an open Wi-Fi network makes the network and your data to become defenseless and accessible to external attacks. However, the Wi-Fi protected access protocol must be in place and also, the use of TLS must be adopted by system administrator so that their data integrity can be protected. The secure socket layer (SSL) can also be used to ensure that the information transfer between the web browser and the server remains private.

8. Permitting unrestricted zone transfers

System administrators or IT staff should not permit zone transfers towards any IP address from the internet. Since zone files contain complete information about the domain name and IP addresses configured on the target name server. Information acquired from zones can be useful for the attacker to implement various attacks against the target company like targeting test or development servers which are less secure.

9. Implementing host files but not fixing DNS

Fixing DNS is very important and should first be solved before implementing the host file, DNS problem is entangled with web surfing problems.

10. Running unverified downloads

It is a big risk to run unverified downloads. It is advisable to always check properly if your file has downloaded properly before running them. That might be a phishing email that will cause a lot of problems to internal systems. 

Are you a system administrator or IT staff and you found yourselves victim of the above inaccuracies? Feel free to use IT Pro Tuesday to ask for help or get ideas on improvements. Run a free phishing simulation to find out accurate statistics. So what about your human firewall - is it enabled?