Network security breaches such as the Code Red virus have increased dramatically over the past few years. While this trend isn't entirely due to the Internet, Code Red and many of the other well-publicized break-ins infected systems that are connected to the Web.
It's imperative for IT managers to remain one step ahead of the multiple exploits and vulnerabilities that may be missed by IT staff members who are either untrained or overworked.
Code Red worm updates
For information and updates on the Code Red and Code Red II viruses see:
- Offshoot packs a bigger punch
- Code Red II: Another worm exploiting buffer overflow
- Code Red II security analysis
There are hundreds of training courses and books available on Internet security. Despite the fact that the majority of these books are excellent reference materials, the crux of the key content contained in them can also be found by searching online—and often at no cost. Even after you read the facts and take the courses, one thing will be imminently clear—there is more than one way to effectively implement Internet security.
Therefore, ensuring that your company's network is safe can be a dubious task for many IT professionals. That's why a number of companies consult with outside vendors for their Internet security needs. Unfortunately, this strategy isn't often a good long-term solution because these vendors typically don't educate your IT staff, and the knowledge of the IT department is integral to security.
The cornerstone of Internet security is being aware of and responding to operating system and application software security information. Regardless of whether a system is connected to the Internet or not, staying informed about the latest service packs, updates, and patches is vital. That means that a company's first priority in Internet security is to identify and categorize the software—and versions of the software—that is running on the machines in its infrastructure. However daunting this task may be, it is absolutely critical.
Want more on Internet security?
Subscribe now to our Internet Security Focus TechMail to receive news in your inbox.
Keep in mind that while it's important to monitor security information daily, it's also necessary to schedule time to review information about the software that's being used in your infrastructure at regular intervals. Fortunately, most software vendors offer product information, updates, and bulletins on their Web sites.
One site that is quite comprehensive is SecurityFocus, which collects and categorizes Internet and software security information. SecurityFocus also features a simple category index that makes locating information a snap.
Of course, staying (at least) one step ahead of hackers is much more involved than simply ensuring your software is up to date, but staying informed is a step in the right direction.
Share your favorite security sites
What’s your favorite Web site for monitoring security issues? Let us know how you keep up with security news and events by posting below.