Most experienced system administrators have inherited an IT infrastructure at least once and have been unsatisfied with the work of a predecessor. The complete revision of the entire infrastructure is a painful and costly process, but may be inevitable to reclaim control, minimise the risk of system downtime, check and update internal workflows or even get rid of processes that might increase the risks of security violations. Even experienced professionals can fall into bad habits that affect performance and put the IT infrastructure at risk. So, it’s important to acknowledge these bad habits to avoid them.
-
Failing to keep and review documentation.
This is a classic bad habit because no one enjoys documenting. But it’s vital to spend time and effort thoroughly documenting everything from developing a detailed workflow for new employees to instructions on how to roll out a new service. In the future, this will help you to optimise the IT infrastructure and replace outdated processes to improve cybersecurity and system performance. This documentation also needs to be regularly reviewed, considering changes in both technical and business processes.
-
Sticking to old defence methods.
There’s no solution to guarantee protection against a sophisticated targeted attack but your current security strategy should reflect your needs and capabilities. Leverage antivirus, intrusion detection, change audit, vulnerability scanning and traffic scanning systems, and build your strategy around visibility into any activity that can potentially pose a risk to security. If the risk of external intrusion is high enough and you need to get a better understanding of what is going on, consider investing in security solutions that are able to eliminate vulnerabilities or deploy ‘honeypots’— traps that imitate production systems and allow you to watch the adversary’s activity.
-
Forgetting to document changes.
According to the 2015 State of IT Changes Survey, not documenting changes to system configurations and files puts 70% of IT systems at risk. An average company operates thousands of sensitive files per day and a lack of data governance may lead to the loss of control over an enormous number of changes and modifications in information repositories, while expanding the potential attack surface and increasing security risks. So what’s the right thing to do? Find your way to trace down all changes made to files and system configuration to make sure they are correct and authorised.
-
Giving users administrative rights when it is not required.
Not every user needs all-inclusive admin rights to perform certain tasks. For example, if someone needs to configure the network, just grant them the privileges of network settings operator or if IT admin is absent and a user requires extended permissions, it’s wise to only grant them relevant and temporary privileges. Confusion with access rights might also occur with high employee turnover, as the number of privileged users and roles are constantly changing. The lack of visibility regarding these changes poses the risk of insider misuse, which can be minimised if you initially limit access to data.
-
Doing everything manually.
In some cases, laziness can bring you some good results during your IT administrator work experience. Having automated everything that can be automated, you get rid of a boring routine, improve your efficiency and have more control over the entire IT infrastructure. From a security point of view, automation makes it easier to audit and analyse activity patterns rather than doing the same job with unstructured manual procedures.
-
Failing to make backups.
This can be the most disastrous habit for IT administrators. Backups are the cornerstone of any IT infrastructure management, and an unpleasant experience shows that disasters do happen. So, no matter how experienced you are, backups become extremely handy when you have to restore the system.
-
Testing on live data.
Using personal data while testing a company’s processes in an insecure environment may become a serious problem that puts confidential data at risk of exposure. Without a proper test-data management policy and technologies in place, subsets of production data created for testing purposes might contain sensitive data such as employee or customer records, which could be unintentionally compromised.
-
Storing everything in one place.
As long as information continues to be a target for adversaries, your goal will be to complicate their lives as they search for sensitive data. Isolation of applications, network segments, data and processes forces culprits to spend more time trying to dig for valuable assets. If a hacker gets the chance to penetrate your network through your vent system controls, he shouldn’t be able to get to your payroll data through the same door.
-
Ignoring the details.
Small yet dangerous mistakes that IT administrators commit, such as working under the root account, can have drastic consequences. Often it is a normal situation when an administrator logs under the root, forgetting that the system has only one root account that is likely to be targeted by hackers and malware. By doing that, they allow all running applications — even possible viruses or Trojans — to get elevated privileges and access to any corner of the system. Moreover, any mistake, such as trying to delete a directory with ‘rm –rf’, might end in a disaster. In this case, with a recursive deletion of all of the contents of the system drive. If you have great intuition and are able to identify suspicious changes easily, there is no problem with working this way. But if you are in doubt, just leave administrative tasks to the root user when required and let your applications run on a user level.
-
Feeling lonely.
When you encounter any problem you don’t know how to solve, just remember that you’re not alone. Stay involved with the community, especially when it comes to security questions. Go online and take advantage of professional forums, join a community to educate yourself about new threat patterns and discovered vulnerabilities and be at ease with sharing information with other IT folks; this is how the security awareness is built.
[su_box title=”Michael Fimin, CEO and Co-Founder of Netwrix” style=”noise” box_color=”#336588″]Michael Fimin, is CEO and co-founder of Netwrix. Netwrix is a provider of IT auditing software that maximizes visibility into who changed what, when and where and who has access to what in the IT infrastructure. Over 6,000 customers worldwide rely on Netwrix to audit IT infrastructure changes and data access, prepare reports required for passing compliance audits and increase the efficiency of IT operations. Founded in 2006, Netwrix has more than 70 industry awards and was named to the Inc. 5000 list and Deloitte Technology Fast 500.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.