Don't be lulled into thinking your data and corporate network will ever be completely secure, according to two separate features about network security in InformationWeek and CIO magazine. For one thing, hackers are getting better at exploiting security vulnerabilities and disseminating the results of their forays more widely through automated toolkits.

What's more, many of us fall prey to security myths that make us feel safer than we really are. Below are some common misconceptions (as listed in InformationWeek and CIO magazine) that can make us even more susceptible to the misdeeds of hackers:

Misconception #1: Encryption offers complete protection.

Not quite. While encryption makes the captured data hard to read, encryption standards do have some weak spots that can be exploited by well-equipped hackers.

Misconception #2: Firewalls will keep us safe.

Again, don't think of any one security measure as a silver bullet. "You can read the entire IP (Internet Protocol) trail through the best firewalls and sniff out these systems," Steve Thornburg, an engineer with Mindspeed Technologies, tells InformationWeek.

Misconception #3: Network administrators can control what gets in and out.

Not exactly. Says this CIO feature, "networks are inherently dynamic and very hard to control." In fact, they can be likened to "teenagers who will never grow up, stabilize and check in from wherever they happen to be at midnight."

Misconception #4: Relying on one or two vendors will bolster security.

Actually, it can compromise safety. "Monoculture in computing, like monoculture in agriculture, is a risk to survival," according to the CIO article. In contrast, heterogeneity can boost security.

Misconception #5: Hackers don't bother with old software.

Actually, they often attack Web servers that haven't been updated or patched recently. So don't think you're not a target just because you're running a legacy system.

Misconception #6: Macs are invulnerable to attack.

Many Macs run Windows programs or are linked with Windows machines, making them just as susceptible to hacker exploits. What's more, last year's Mac OS X environment has 37 vulnerabilities, according to a recent Symantec report.

Misconception #7: Security tools and software patches increase everyone's safety.

Hackers can use some tools to reverse-engineer patches that Microsoft disseminates through its Windows Update service. By investigating how the patch has changed, a hacker can determine how it's circumventing a certain vulnerability and then figure out how to exploit it.

Misconception #8: If your corporate network hasn't been breached, hackers can't cause any harm.

Security can be jeopardized by users who bring a company laptop to an unprotected connection at home or at a Wi-Fi hotspot. In fact, hackers can even dupe users into logging onto their networks by setting up covert Wi-Fi access points near hotspots.

Misconception #9: If your company is a security enterprise, your data is secure.

It turns out that even the most security-savvy organizations can fall prey to hackers. Take George Mason University in Fairfax, Virginia, for example, which houses the Center for Secure Information Systems. Hackers infiltrated the university's main ID server and set up tools there to get into other university servers, gaining access to the names, Social Security numbers and photos of more than 32,000 students and staff members.

In short, there are no quick fixes in network security. Safety involves constant vigilance.

Sources:

7 Myths About Network Security
Michael Cohn
InformationWeek, April 1, 2005
www.informationweek.com/story/showArticle.jhtml?articleID=160502345

The Seven Myths of Network Security
John Loiacono
CIO, February 14, 2005
comment.cio.com/weighin/021405.html