Installing Software is a Risky Business

Beware! That software you have just installed on your computer is probably not secure -- not secure at all. Most Microsoft, Linux and UNIX software used by businesses does not have adequate security features, and the small amount of software that does have some security features doesn't have them enabled after it has been installed.

Microsoft seems to be a big target for security problems. They've had a special hard-core security initiative for over a year, and have released a new version of their Windows software with "enhanced security." We're talking about Microsoft's Windows 2003 Small Business Server. It does come with a built-in firewall and many claims about its enhanced security stance. However, that firewall is not properly configured as shipped. According to Windows Magazine, the "firewall" exposes dozens of services on the server to external attack. Even once an expert has properly configured and enabled this Microsoft-supplied firewall, it still won't do the job -- it doesn't have many of the features considered essential by computer network security professionals. Features such as logging capability are missing, and services such as IIS, which should be optional, are enabled and are open to attack on dozens of ports themselves. The lack of logging makes it impossible to determine when attacks are underway or what types of attacks have occurred, and impossible to do any type of forensic investigation. The dozens of open ports make the server highly vulnerable to attack. Truly amazing.
Software Must Be Reconfigured After Installation

Most commonly used software does not have appropriate security restraints when installed. This includes:
What To Do
The bottom line? Don't trust newly installed software -- even firewall software. Often a false sense of security is much more dangerous than knowing that you are exposed.
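
One way to check what an installation actually opened, as an added example that is not part of the original article: compare the listening sockets reported before and after the install and flag any new ones reachable from the network. The function names, the allow-list and the sample `netstat -ano` output (Windows column layout) are constructed for illustration.

```python
# Constructed samples of Windows `netstat -ano` output, captured before and
# after installing a product. These are illustrative, not data from the article.
BEFORE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1710
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     2200
"""
AFTER = BEFORE + """\
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       3120
  TCP    [::]:80                [::]:0                 LISTENING       3120
  TCP    127.0.0.1:8005         0.0.0.0:0              LISTENING       3120
  UDP    0.0.0.0:161            *:*                                    3344
"""

LOOPBACK = {"127.0.0.1", "[::1]"}  # bound here means not reachable remotely


def listeners(netstat_text):
    """Return {(proto, local_address, port)} for every listening socket."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        # TCP rows carry a State column; UDP rows do not, so any bound
        # UDP socket is treated as a listener.
        if fields[0] == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, _, port = fields[1].rpartition(":")  # keeps "[::]" intact
        if port.isdigit():
            found.add((fields[0], addr, int(port)))
    return found


def newly_exposed(before, after, allowed=frozenset()):
    """Listeners that appeared after the install, are not loopback-only,
    and are not on the approved (proto, port) list."""
    new = listeners(after) - listeners(before)
    return sorted(
        (proto, addr, port) for proto, addr, port in new
        if addr not in LOOPBACK and (proto, port) not in allowed
    )


if __name__ == "__main__":
    for proto, addr, port in newly_exposed(BEFORE, AFTER, allowed={("TCP", 80)}):
        print(f"unexpected listener: {proto} {addr}:{port}")
```

Anything the check reports is a service the installer enabled that nobody approved; each one should be disabled, bound to loopback, or explicitly filtered and logged at the firewall.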
For information on reproducing articles on this site, visit http://www.esecurityguy.com/reproduction