Home > Windows Security News > More enterprises admit to intrusions, lack of best practices
Windows Security News:
EMAIL THIS LICENSING & REPRINTS

More enterprises admit to intrusions, lack of best practices

By SearchSecurity.com Staff
31 Oct 2005 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

One in four enterprises admits its networks and servers have been compromised in the last two years. That number is far greater -- 40% -- for companies with 20,000 or more employees. Given how many also admit to not taking precautions beyond the bare minimum, the real shock may be that even more organizations weren't victimized.

"In the final quarter of 2005, it is somewhat surprising that only slighting more than half of enterprises indicated they have turned off nonsecure protocols like Telnet or FTP," commented Jeff P. VanDyke, president of Albuquerque, N.M.-based VanDyke Software Inc., in a prepared statement. VanDyke Software, which provides standard-based security software, commissioned the survey of 360 respondents conducted earlier this month by Amplitude Research Inc. of Boca Raton, Fla.

More than 50% of respondents at larger companies, which constituted almost half of those taking the survey, did say they now use automated scripts to perform security monitoring and update virus signatures to servers. Combined with those at companies with 1,000 or less employees, the following tactics were being used:

  • 92.26% installed a network firewall
  • 53.56% use a network analyzer (e.g., Microsoft Baseline Security Analyzer)
  • 53.25% turn off nonsecure protocols like Telnet or FTP
  • 51.70% installed an intrusion detection system
  • 50.77% installed a user-based firewall
  • 42.11% implemented WiFi security (WEP, WAP, proprietary like 3Com)
  • 39.63% set up a DMZ
  • 37.77% use a port scanner to locate out-of-policy services on the network
  • 3.72% stated "other"

  • Another interesting highlight was where folks turned to learn about security best practices.

    The top sources of information were security-related Web sites (69%); trade magazines (67.5%); training courses (53%); and conferences (50%). Also having in influence were newsletters, online discussion forums, books, local training courses through universities and user groups, USENET groups and security-related Web logs, or blogs.

    This article originally appeared on SearchSecurity.com.

    Tags: UpdatesPatch Maintenance Defining PolicyProduct Flaws and VulnerabilitiesIntrusion Detection Systems Intrusion Prevention SystemsVIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    • HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersIT DownloadsBlogs
    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2004 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts