It’s a cold morning at the office. You get a phone call from the Business Development manager of your organization. From the tone of his voice, he sounds panicked.
He proceeds to inform you that he’s in the middle of a presentation that could potentially land the company a huge new account. That means big bucks.
There’s only one thing standing in the way: He can’t access three specific sites because they’re blocked.
Since you’re in charge of system administration he needs you to open them up in the firewall so he can finish his presentation. As you hold the phone up to your ear, you feel a cold sweat forming on your brow.
You don’t have time to find out why those sites are blocked. Do you make the exception and unblock the sites? Or do you reject his request and risk losing the account along with the millions it would have brought with it?
This article takes an in-depth look at how a momentary lapse in judgment could jeopardize an organization’s system security. Read about the common system administration mistakes you should avoid at all costs.
System administrators often find themselves caught between a rock and a hard place. They’re burdened with a lot of responsibility, often having to make difficult decisions and sometimes having to defy authority in their line of duty.
They are in charge of an organization’s entire computer system, from making sure that services are not interrupted to sealing all possible security loopholes that may exist in a network. They are modern-day superheroes – to their organizations at least.
But, that is not to say they are incapable of making mistakes. After all, to err is human. Some of the system administration mistakes every competent administrator should avoid are:
When you make an exemption, the rules you create use the IP address for that particular machine. Remember however that these addresses are assigned by DHCP (Dynamic Host Configuration Protocol).
It essentially means that every time a computer accesses a network, it is assigned a different IP address. So the address you used to make an exemption for one machine could be the same address assigned to a different machine the following day.
The user on the new machine would now have access to a level of information they may not ordinarily have rights to. The best way to overcome this challenge is to have a company policy in place for the user requesting an exemption to state how much lead time they require to service a request. Additionally, administrators should remember to periodically delete any rules that have been configured.
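One way to run that periodic clean-up is to compare the exemption list with the DHCP server's lease file. The sketch below is an added example, not part of the original article: it assumes an ISC dhcpd style lease file and a hypothetical exemption register that records the MAC address and review date for each rule, and all sample values are constructed.

```python
import re
from datetime import date

# Constructed sample in ISC dhcpd.leases syntax, trimmed to the fields used here.
LEASES = """
lease 10.0.5.23 {
  binding state active;
  hardware ethernet 52:54:00:aa:bb:01;
}
lease 10.0.5.40 {
  binding state active;
  hardware ethernet 52:54:00:aa:bb:02;
}
lease 10.0.5.77 {
  binding state free;
}
"""
# Hypothetical exemption register: (rule, exempted IP, MAC it was granted to, review-by date).
EXEMPTIONS = [
    ("allow-bizdev-demo", "10.0.5.23", "52:54:00:aa:bb:02", date(2024, 6, 30)),
    ("allow-kiosk", "10.0.5.40", "52:54:00:aa:bb:02", date(2024, 12, 31)),
    ("allow-lab-updates", "10.0.5.77", "52:54:00:aa:bb:03", date(2024, 12, 31)),
    ("allow-old-vendor", "10.0.5.40", "52:54:00:aa:bb:02", date(2024, 1, 15)),
]

def active_leases(text):
    """Map each IP to the MAC holding it, or None if its latest entry is not active."""
    leases = {}
    for ip, body in re.findall(r"lease\s+(\S+)\s*\{(.*?)\}", text, re.S):
        state = re.search(r"^\s*binding state (\w+);", body, re.M)
        mac = re.search(r"hardware ethernet ([0-9A-Fa-f:]+);", body)
        ok = state and mac and state.group(1) == "active"
        leases[ip] = mac.group(1).lower() if ok else None
    return leases

def audit(exemptions, leases, today):
    """Return (rule, problem) for each exemption that should be removed or re-checked."""
    findings = []
    for rule, ip, mac, review_by in exemptions:
        holder = leases.get(ip)
        if review_by < today:
            findings.append((rule, "past review date"))
        elif holder is None:
            findings.append((rule, "no active lease for this address"))
        elif holder != mac.lower():
            findings.append((rule, f"address now leased to {holder}"))
    return findings

if __name__ == "__main__":
    print(audit(EXEMPTIONS, active_leases(LEASES), date(2024, 6, 1)))
```

The first finding is the case described above: the exempted address is now leased to a different machine than the one the rule was written for.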
Configuring outgoing traffic rules is often overlooked by many system administrators, perhaps because it’s a more intricate process than creating rules for incoming traffic. The outgoing rules have to make sure that they don’t impede authorized traffic and apps that require access to the internet.
Say, for instance, a device on the network has been compromised. Unauthorized third parties could then use that as an opportunity to deploy malware, generate spam or even host zone data for a fake domain. This is the reason why setting up outgoing rules is just as important.
The whole point of systems security is to ensure that clients only access the privileges they require to do their work as detailed in their job descriptions – no more, no less. So, what does a system admin do when they run applications as the root user?
Well, you basically allow the app in question to access root privileges which means it now has the uninhibited ability to control the organization’s server. It’s literally the easiest way for attackers to gain access to the company’s most prized possession – the server.
Think about all the horrible implications that would expose the system to. Let that sink in for a moment.
Lots of people tend to recycle the same password for multiple mediums. You’ll often find yourself using the same password for your smartphone, computer, email, and social networks.
It makes it easier to remember, right? If a security systems administrator does this, it opens up the company’s network to the potential for a serious security breach.
Recycling passwords for control systems means that all an attacker needs to do is crack one system password and voila! They’ll have access to all the other systems the company uses.
To mitigate this eventuality, system administrators should use key files instead. They offer a higher level of security, especially if the hackers intend to use a brute-force attack to guess system passwords.
All SSL certificates come with a validity period. That means at some point they will expire. So, what do system administrators do when they forget to renew their site’s certificate?
Well, for one, they can start packing all their workstation belongings into a little box and exit the building because they’ll get fired. Once customers lose their confidential data (like credit card information) to third parties with malicious intent, it’ll be a long time before they ever trust the site again.
In addition to this, when potential customers are met with the unsecured connection warning, they simply won’t continue with the transaction. The implication of this is that the company loses potential business.
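A forgotten renewal is easy to catch with a scheduled check of every certificate's expiry date. The following is an added example, not from the original article: the host names, dates and the 30-day warning window are constructed assumptions, and the date strings use the `notAfter` text format that Python's `ssl.getpeercert()` returns.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed inventory: host -> certificate notAfter, as ssl.getpeercert() reports it.
INVENTORY = {
    "shop.example.com": "Jun 10 12:00:00 2024 GMT",
    "www.example.com": "Mar  1 00:00:00 2025 GMT",
    "legacy.example.com": "May 20 08:30:00 2024 GMT",
}

def days_left(not_after, now):
    """Whole days from `now` (timezone-aware UTC) until the notAfter timestamp."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expiry - now).days

def classify(not_after, now, warn_days=30):
    """Return 'expired', 'renew' (inside the warning window) or 'ok'."""
    left = days_left(not_after, now)
    if left < 0:
        return "expired"
    return "renew" if left < warn_days else "ok"

def fetch_not_after(host, port=443, timeout=5):
    """Read notAfter from a live server; None means the certificate failed verification."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError:
        return None  # already expired or otherwise invalid: needs immediate attention

def report(inventory, now, warn_days=30):
    """List (host, status, days left), most urgent certificate first."""
    rows = [(host, classify(na, now, warn_days), days_left(na, now))
            for host, na in inventory.items()]
    return sorted(rows, key=lambda row: row[2])

if __name__ == "__main__":
    for row in report(INVENTORY, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(*row)
```

In production the inventory would be filled by calling `fetch_not_after` for each host on a schedule, with any non-`ok` status raised as an alert.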
The importance of server administration cannot be overstated. Foolproof system administration involves keeping up with the latest trends in the industry as well as all the sophisticated tactics hackers are now using to access networks. It also involves making sure system administrators have covered all the “obvious” bases.