Security Strategy

Leader: No respite from security headaches

Businesses must - still - always be on guard

Tags: sans internet storm centre

By silicon.com

Published: 15 November 2006 18:05 GMT

It is the job of any security professional to exercise constant vigilance. Bodyguards, for instance, are trained that way. And IT security pros are no exception.

But this is made all the more difficult when new vulnerabilities are popping up all the time - sometimes undetected for months or weeks. Now even less than a day is enough time for a hacker to exploit a new software hole.

The SANS Institute today published a list of the top 20 targets for hackers - which included the likely suspects of Microsoft applications and Windows along with Mac OS X and Unix.

Interestingly, the same technologies that were causing problems years ago are apparently still a headache.

VoIP phones, for example, made the top 20 list, even though the warnings over VoIP and advice on how to secure the IP networks have been around for years. P2P applications and media players were also named, though they've been threats for at least the past five years.

We're obviously not making too much progress in securing these technologies.

One of the biggest problems with software, according to SANS, is that vendors are selling incomplete applications. For an application to be secure, constant updates are required. This process takes up considerable time for the IT departments responsible for testing and deploying those updates. Some companies even have dedicated patching staff, who clean up the mess left by the vendors.

After reading the SANS list, an IT user would surely ask: so which software or technology can I use? Given that Windows, Mac OS X and Unix all have vulnerabilities, it's a situation of choosing the lesser of three evils.

So the list serves some use as a guide on what to watch out for. But it does little to help a business feel confident its systems and networks are secure - for that, you still need that continual vigilance.
