SQLServerCentral Editorial

Global Insecurities

,

Reading this article about the insecurities found from various scan in 2012 is a little scary. I wonder how many of my former employers have videoconferencing systems, remote control/access systems, or some commercial software with a default password connected to the Internet and unsecured? Reading the article I'd bet at least one of them does.

I also wonder how many of them have old versions of software with known vulnerabilities that can be exploited, not just by dedicated hackers, but by script kiddies. Lots of people have excess time available, powerful computing resources, and mischief in their hearts.

This is slightly maddening to those concerned about the security of computer systems. How hard is it to change the default passwords on the installation of an application? How much more time does it take to configure a system properly? It doesn't' take much at the moment, but it does take time in advance. Proper security requires knowledge, which means that an administrator much have spent time learning how to properly configure a system, or getting a comprehensive list of vulnerabilities and their patches.

I'd love to see vendors publish a best practices document, or a couple of them, for each version of software they release. Give people specific steps to follow on the installation of the software to ensure it is securely configured as well as known vulnerabilities and the patches available. I can publish information, and there are likely any number of blogs out there that my give some best practices, but for new users, the vendor's site is the only resource that many people will follow.

I know I'd be willing to allow vendors to link to any best practices I published, or republish the information on their own site if they wanted to. I'm sure others would feel the same way. Now if only the vendors would agree to use the information.

Steve Jones

The Voice of the DBA Podcasts

We publish three versions of the podcast each day for you to enjoy.

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there. Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

You can also follow Steve Jones on Twitter:

Rate

You rated this post out of 5. Change rating

Share

Categories

Join the discussion and add your comment

Share

Rate

You rated this post out of 5. Change rating

Related content

SQLServerCentral Editorial

Mini-Me

Will the next version of Windows be a "Mini-Me" version of Vista? Who knows, and it's too early to tell, but apparently there's a mini-kernel version of Windows 7, the one after Vista, which fits into 25MB on disk. That's a touch lower than the 4GB that Vista takes up. Granted it's not a full […]

You rated this post out of 5. Change rating

2007-10-25

105 reads

SQLServerCentral Editorial

An Hour in Time

Daylight Savings time switches a little later this year. In fact it's November 4th this year, after having been in October for all of my life. In case you don't remember which way we move the clocks, here's a saying: Spring forward, fall back.

5 (1)

You rated this post out of 5. Change rating

2007-10-17

216 reads

SQLServerCentral Editorial

Software is Like Building a House

One of the really classic analogies in software is that it's like building a house. You have a foundation, multiple teams, lots of contractors that specialize in something, etc. And it's an analogy that's debated as to its relevance over and over. I won't go into the correctness of this analogy, but I wanted to comment on it.

You rated this post out of 5. Change rating

2012-10-08 (first published: )

331 reads