Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Friday, September 25, 2009

7 Ways Security Pros DON'T Practice What They Preach

Computerworld reminds us this week that IT admins rarely practice what they preach. In a world where we force our end-users to go through proxies and firewalls, it's common for IT admins to create workarounds or special policies that let themselves through the proxy or firewall without the same level of security as the rest of the end-users.

While I applaud them for pointing this out, my own personal philosophy is that the admin should be forced to obey the same restrictions as the end-users, but also have the ability to bypass them when the needs of the job arise. It's the admins who routinely bypass security restrictions that are the most likely to shoot themselves in the foot, by inadvertently getting a malware infection or causing some other problem on the network.

There are also simple rules that we often forget, or ignore because we think we're above the rest of the world. These cover things like simple admin passwords, USB sticks with secure data, and using open, insecure wifi networks. Think twice the next time you do something you know your end-user can't.
