  Lee's Bio   


Lee Drake is President and CEO of OS-Cubed, Inc.  OS-Cubed is there to assist you when your computers cause more problems than they solve.  Their philosophy of creating a stable and secure environment upon which to build optimal solutions allows them to create applications that not only solve problems, but prevent them in the future.

Lee Drake has extensive speaking experience.  He's spoken on topics such as computer security, programming best practices, building content managed websites, building online communities, virus and spyware prevention, and a variety of other computer-related topics.  As sponsor and author of the Viruswarn.com website Lee has built a world-wide following of users who rely on him and his co-authors to get up-to-date information on virus threats. In addition, Lee has participated in a number of discussion panels on wide-ranging business-related topics, including health insurance for small businesses, legislative issues for NYS businesses, workmen's comp, 240/241 reform, and Medicaid/Medicare reform.  He participated in a panel sponsored by Senator Hillary Clinton on the challenges of providing health care to small businesses.

As a member of the executive board for the Rochester Small Business Council Lee has worked hard to help NYS create an environment that is more friendly towards small businesses.  As a member of the economic development committee for the Rochester Business Alliance he's participated in assisting Rochester to grow into a competitive upstate NY city.  As a member of the board for the Genesee Valley Chapter of the Society for Human Resource Management Lee has added extensive experience in the everyday issues of HR Management in the small business.  In addition, Lee serves on the advisory board for the Neighborhood of the Arts in southeast Rochester.

As a member of the Rochester Professional Consultants Network Lee has spoken on panels ranging from computer solutions for small businesses, building an online presence for your consulting organization, web advertising, and search engine optimization, to the challenges of building a consulting organization.

As 50% owner of Aztek Computer Solutions, Inc., Lee helped build a Rochester Top 100 company.  As President and CEO of OS-Cubed, Inc., Lee is well on the way to creating his next Top 100 company.

In addition, Lee has participated extensively in the programs sponsored by The Executive Committee (TEC) now known as Vistage.  Lee is a graduate of Cornell University ALS School, a Certified Novell Engineer, a programmer, a Habitat for Humanity supporter, an avid Tournament Paintball player, and a fan of science fiction and fantasy books.  He also enjoys playing a wide variety of computer, card, and board games.

  Top 20 vulnerabilities updated
Posted by: Lee Drake 11/17/2006
SANS updated its top 20 security vulnerabilities this month. There have been some changes since last year's update....

SANS released their list of the top 20 security vulnerabilities this month.  There are a few items of note on it:

  • The list has been broken up into these broad categories:
    • Operating systems
    • Cross-platform applications
    • Network Devices
    • Security Policy and personnel
    • Special Section on Zero day attacks and prevention
  • Under operating systems, Microsoft led the way with the first 5 categories (Internet Explorer, Windows libraries, MS Office, Windows services, and Windows configuration weaknesses).  Mac and Unix also had a category each.
  • Under cross-platform apps, SANS listed web apps, databases, file sharing, instant messaging, media players, DNS servers, backup software, and security, enterprise and directory servers.
  • Under network devices, VoIP phones got their own category, as well as a "general net devices" subtopic for routers, firewalls and security appliances.
  • Under security policies they listed excessive user rights, unauthorized devices, and phishing.
  • The zero day attack section was specifically about attacks that happen the same day the vulnerability is revealed - giving vendors and security personnel little or no time to respond.

The conclusions we can draw here are pretty wide - however to summarize a bit:

  • Every application, operating system, browser, service and appliance on your network could potentially be exploited - you need to keep them all patched up to date.
  • Although Windows attack surfaces are the broadest due to installed base - there are vulnerabilities in every vendor's product across the board - don't get complacent about security.
  • "Fooling the user" tactics such as phishing have become a much more prevalent way to attack people's machines and information.
  • There is some great advice within the SANS article for each of these vulnerabilities and how to reduce your attack surface and avoid an attack directed at one of these targets.  It's well worth your time to read the recommendations at the end of each section and ask yourself if you're currently following those recommendations.

 

Copyright ©2006 Lee Drake