Enemy 1 & 2: Passwords and Patches

Posted: March 6, 2007 in Passwords, Patches, What doesn't work

I could not help reading the Security 2.0 posts by Mark Curphey and I especially liked the Business Activity Monitoring discussion.  However, I see 2 major enemies that cause us pain every day and put organizations at great risk.  In my mind neither of these has been addressed properly.  

 

Enemy #1: Many internal penetration tests obtain the admin or root access by guessing passwords. 

Enemy #2: What do I say? Unpatched systems are an initial point of entry for many attacks both internally and externally.  Tools like Metasploit make it even easier.

   

Of course I’m not throwing out statistics, but I see first hand the results weekly.   One can only hope that the Security 2.0 solution addresses the problems with passwords and patches.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s