RSS Alerts

Share

More services

Related Links

Related Stories

Top 5 Stories

News

Misconfigured networks open door to hackers

02 September 2010

Research just released shows that IT security professionals think that a badly configured network is the main cause of network breaches.

In a study of elite IT security professionals attending the Def Con 18 security event in Las Vegas recently, Tufin Technologies says that 73% came across a misconfigured network more than three quarters of the time - which, according to 76% of the sample, was the easiest IT resource to exploit.

Commenting on the results of the survey, Reuven Harrison, Tufin's CTO, said he was surprised to find that 58% of respondents also viewed network misconfiguration as being caused by IT staffers not knowing what to look for when assessing the status of their network configurations.

The co-founder of the security lifecycle management specialist added that the results are notable because more than half the survey respondents actually work in corporate IT.

"The really big question coming out of the survey", he said, "is how to manage the risk that organisations run dealing with the complexity that is part and parcel of any medium-to-large sized company's security operations", he said.

Delving into the research, which took in responses of 100 IT security professionals at the Def Con security event, reveals that 18% of professionals believe misconfigured networks are the result of insufficient time or money for audits.

Fourteen percent, meanwhile, felt that compliance audits that don't always capture the fact that best practices are a factor and 11% felt that threat vectors that change faster than they can be addressed also play a key role.

Automating configuration and security management is the best way forward to solving this problem, he claims.

And with an increasing number of self-described black (11%) and grey hat (46%) hackers holding corporate security positions, Harrison adds that the focus has overwhelmingly been on how easily we can break things  - less than 30% of the sample is motivated by the desire to actually fix broken systems.

"When you factor in the issue that 60% of the respondents said they had a day job in the corporate world, it's clear that IT managers need to address the security shortcomings of their networks by remediating the network misconfiguration issue. Only by configuring their network resources correctly can companies hope to beat these security issues", he explained.

Infosecurity notes that 75% of respondents to the survey called themselves hackers, so Harrison says that network managers need to wake up to the fact that network misconfiguration is now a primary security issue for their IT staff.

 

This article is featured in:
Compliance and Policy

 

Comments

johnnyholmes says:

02 September 2010
This has to do with the fact there are so many "network engineers" controlling security devices of a network and leaving gaping goatse holes. Hail Cisco!!

Note: The majority of comments posted are created by members of the public. The views expressed are theirs and unless specifically stated are not those Elsevier Ltd. We are not responsible for any content posted by members of the public or content of any third party sites that are accessible through this site. Any links to third party websites from this website do not amount to any endorsement of that site by the Elsevier Ltd and any use of that site by you is at your own risk. For further information, please refer to our Terms & Conditions.

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012