Redspin Security Report: Top 10 Network Security Threats of 2008 - Q2 Update
In short, controls have been deployed, but are not configured adequately, and just the mere existence of a control does not imply that the control is functioning adequately. Extremely subtle configuration problems can create critical risk on your network. The commonly held belief that more gear equates to a heightened state of security is shown by these findings to be a fallacy because the required investment of time, skill, and atten¬tion to detail needed to configure a particular piece of gear is not readily available to many. Organizations remain confident in their purchased equipment and continue to expand their networks rapidly. This gives rise to a dangerously misguided confidence, whereas a need for greater awareness and education is the much needed solution. Taking the time to completely understand and fine tune the configuration of the security controls already in place on the network is more likely to improve your organization's security footprint than supplementing with even more gear and complexity.