link to ARMA about us

General Information                     
Overview
What is RIM?
RIM FAQs
Leadership                       
Board of Directors  
Executive Officers  
Staff Contacts  
Governance                      
Mission, Vision, Values  
Code of Professional Responsibility  
Strategic Issues*  
Operating Plan*  
Board Minutes/Reports*  
State of the Association*  
Election Information*  
Chapters & Regions                              
Chapter Leadership Directory
Region Leadership Directory
Leadership Resources**
Chapter Listing
Awards                                                    
Awards
Cobalt Award
Educational Foundation  
Media Relations  
Advertising Information                         
Media Kit
Sponsorships
Expo Guide
Buyer's Guide
Exhibitor Prospectus

join ARMA

Member Benefits  
Membership Applications                                 
New Application
Renewal Application*
LINC Application
Networking Opportunities                            
ARMA iConference
Social Media Sites
Chapter Leadership Directory
Volunteer Opportunities                            
Task Forces
Officer Candidate Application*
Code of Professional Responsibility  

ARMA publications

What is RIM?  
Regulatory Updates           
Washington Policy Brief
Canadian Policy Brief
Global Policy Brief
Standards           
Standards & Best Practices
Glossary of RIM Terms
Information Management magazine  
Buyers Guide  
InfoPro Online*  
Newswire  
Washington Policy Brief  
Canadian Policy Brief  
Global Policy Brief  
Hot Topic  
Advertising Rates  

ARMA Resources

Standards           
Standards & Best Practices
Glossary of RIM Terms
Professional Competencies  
Code of Professional Responsibility  
Training Programs  
Podcasts  
Books & Videos  
RIM Promotion Materials  
RIM 101  
Media Releases  
Job Search  
Risk Assessments  
Facilitator Resources
Information Overload Blog

ARMA bookstore

New Releases  
Product Search  
View Order Status  

goto customer service

FAQs
Update Profile
Change Password
View Recent Purchases
Bookstore Order Status
Contact Us
Privacy Policy

My ARMA

Member Logon
Update Profile
Change Password
Account Preferences
Member Directory
Board Minutes*
Strategic Plan*

ARMA site map

   
  Shopping Basket  
 

 



All news

New Study Reveals Top 10 Network Risks

February 22, 2012

Tech Target reports that Trustwave SpiderLabs conducted 2,000 penetration tests and reviewed more than 300 breach investigations and found that older, longstanding problems are often among the main security threats that networks face. These threats, including ineffective password management, poor security controls, and misconfigured legacy devices, continue to plague many  organizations.

“The security community continues to focus on new attack vectors, while older threats are often overlooked, ineffectual security controls are implemented, and problems that have existed for years persist,” the company said in its 2012 Global Security Report issued in early February.

The article also drew attention to the fact that remote file sharing software could be a weak point for networks. The study found that 22% of organizations use insecure remote access applications. In addition, software used by IT teams to remotely address problems with laptops and other workstations is often poorly configured, allowing attackers to exploit flaws, steal cached domain credentials, and hop to more sensitive systems.

"When these services are left enabled, an attacker can access them as easily as an approved administrator," Trustwave said. Additionally, it found that remote access weaknesses were used in 61.7% of the tests it conducted.  

According to the article, Trustwave’s top-10 network risks include:

  1. Weak or blank password for administrative account
  2. Sensitive data transmitted unencrypted
  3. Microsoft SQL Server with weak or no credentials for administrative account
  4. Address resolution protocol cache poisoning
  5. Wireless clients probed for ESSIDs from stored passwords
  6. Continued use of Wired Equivalent Privacy (WEP) encryption
  7. Client sends LAN manager response for NTLM authentication
  8. Misconfigured firewall rules permit access to internal resources
  9. Storage of sensitive information outside designated secure zone
  10. Sensitive information transmitted over Bluetooth

“Many issues found in network penetration tests and vulnerability scans are well known, some more than 10 years old and others date back to the very beginning of shared and networked computing,” Trustwave said. “These vulnerabilities are actively exploited by attackers and often represent the path of least resistance.”

In effective information governance programs, such weaknesses are identified and corrected through the application of policies, collaboration with IT to strengthen technology defenses, and robust training to reduce the incidence of vulnerabilities caused by employees.

Organizations should routinely assess the effectiveness of their information governance programs. ARMA International’s GARP® Assessment tool provides a comprehensive and systematic way to measure your organization against the Generally Accepted Recordkeeping Principles®. More information about this assessment product can be found at www.arma.org/garp/assessment.

 

More Information:

http://searchsecurity.techtarget.com/news/2240114941/Longstanding-security-problems-plague-enterprises-Trustwave-finds

https://www.trustwave.com/global-security-report

Diane Carlisle, CRM

NewsWire

Facebook Twitter DZone It! Digg It! StumbleUpon Technorati Del.icio.us NewsVine Reddit Blinklist Add diigo bookmark

NewsWire not only alerts you to the most significant information-related topics in the news, it provides expert analyses that put them in context for you as an information professional. Read regularly, it will help you stay current with compliance, risk management, legal, privacy, and information technology issues and understand their implications for your business environment.

Want to sign up to receive an email version of ARMA International's NewsWire? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.

    

 
     
 
about arma     join arma     your membership     contact arma     help   PRIVACY POLICY


© 2009, ARMA International