Friday, 3 February 2012

The 43 things a network administrator should never do

I came across this post on the GFI blog.

In some respects the list is disarming; I reproduce the titles here as they are in English. Maybe one day I will manage to translate them, but network admins are certainly able to appreciate them.

Networking
1. Leave the trailing dot off a zone file in DNS
2. Implement HOSTS files instead of fixing DNS
3. Implement recursive forwarding in DNS
4. Allow unrestricted zone transfers
5. Leave out WINS
6. Implement LMHOSTS files instead of fixing WINS
7. Implement a disjoint namespace
8. Bypass the firewall
9. Bridge networks
10. NAT internal traffic

Configuration
11. Apply a patch without testing
12. Make a change without testing and having a backout plan
13. Make several changes concurrently
14. Bounce a box figuring no one will notice
15. Use unsupported characters in any name
16. Run services using their own user account
17. Enable anonymous FTP uploads
18. Configure an open relay

Security
19. Leave default credentials intact
20. Use dictionary passwords
21. Use non-expiring passwords
22. Use shared/common credentials
23. Run unverified downloads
24. Use outbound permit ACLs instead of a proxy
25. Block PINGs
26. Deploy open Wi-Fi networks

Best practices
27. Surf the Internet while logged on as an administrator
28. Read email while logged on as an administrator
29. Skip documentation
30. Skip change logs
31. Implement a new system without a scheduled maintenance window
32. Implement a new system without including redundancy
33. Run backups without verifying restores
34. Skip a patch
35. Monitor too little
36. Monitor too much
37. Email when angry
38. Keep information a secret
39. Update information inconsistently
40. Violate licensing agreements
41. Practice other than they preach
42. Abuse their privileges
43. Test in production

They remind me a lot of Gibbs' rules.
