According to the SANS Institute:

• Connecting systems to the Internet before hardening them
• Connecting test systems to the Internet with default accounts or passwords 
• Failing to update systems when security holes are found
• Using Telnet and other unencrpytable protocols for managing systems
• Giving users passwords or changing passwords over the phone
• Failing to maintain and test backups
• Running unnecessary services such as finger
• Implementing firewalls with inadequate rules
• Failing to implement or update virus detection software
• Failing to educate users regarding security

Source: The top 10 IT security mistakes. (2000, June 26). eweek. p. 38.

- R. S. Kulzick - 09/23/00 -

Contact rkulzick@stu.edu with questions or comments about this web site.
Copyright © 2000 Raymond S. Kulzick - Last modified: September 13, 2008