System administrators are responsible for the reliable operation of corporate IT resources, working around the clock to manage deployments and upgrades, as well as finding the fastest way to solve problems.
Celebrating the 17th annual SysAdmin Day, we recognize their dedication and workplace contributions and want to show appreciation for their talent. However, we wondered how they deal with so many challenges at the same time? Apparently, they abide by ancient security wisdom in the form of these 10 security commandments …
- Thou shalt install security patches. Exploiting vulnerabilities is one of the main infection vectors. To prevent intrusions, keep the operating system and all its applications always updated.
- Thou shalt audit. Keep a record of logs and everything that goes on in the system in order to detect security gaps in servers and anything that hosts sensitive information.
- Thou shalt use security technologies. The basic combination of antivirus, antispam and firewall software is only the starting point. They should be complemented with other tools, such as intrusion detection systems (IDS), honeypots, or encryption software.
- Thou shalt implement security policies. These documents define the best practices, limit the actions of users on information resources, and state their responsibilities towards them.
- Thou shalt use strong, unique passwords. These are the access keys to many resources such as servers, mail, and routers. They must be strong and have to be stored in specialized password managers to minimize the risk of unauthorized access.
- Thou shalt grant your users limited rights. Administrative rights should be granted only to small groups, as they could be exploited by malware to perform actions on the file system or install unauthorized programs.
- Thou shalt use legitimate software. Downloading applications from unknown or illegitimate sources may install trojanized software or malware.
- Thou shalt educate your users. User awareness regarding the proper use of technologies, data protection and existing threats can be implemented through training talks, posters and login messages.
- Thou shalt not make unjustified exceptions. Security policies should be applied consistently throughout the whole network. Making exceptions for a manager, a friend or a developer may cause problems, even though the rest of the users comply with the policies.
- Thou shalt know the security trends. Cyberthreats and techniques are constantly evolving. Meanwhile, security measures are developed and improved to fight them. Reading WeLiveSecurity is a good starting point.
Day after day, SysAdmins do this and much more; that is why we appreciate their work, effort and patience. Thank you for making the corporate environment safer!
Author Editor, ESET