After reading a recent TechRepublic article about security mistakes that are often made in enterprise organizations, I thought I would share some of my own. This will be an ongoing post.
But before I get started, I would like to lead with the TechRepublic item that prompted this.
How many keys to your data center have you given out? Do you have a spreadsheet with every name associated with every key? If not, why? If you aren't keeping track of who has access to the data center, you might as well open up the door and say, "Come steal my data!" And what about that time you propped the exit door open so you could carry in all of those blades and cable? How much time was that open door left unattended? Or what about when you gave out the security code to the intern or the delivery man to make your job easier.... See where this is going? --TechRepublic
User Accounts with Domain Admin Permissions
It is not uncommon to find that an organization has carefully configured user-level permissions on its servers to keep confidential data away from those who should not have access. All of that work is defeated when every user account has been given Domain Admin rights simply so that users can be local administrators on their own computers. Domain Admins are placed in the local Administrators group of every domain-joined machine, so a member of that group can read, change or take ownership of anything on any server regardless of the per-server permissions you set.
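As an added example (not from the original post), the following PowerShell audits who effectively holds Domain Admin rights and shows the narrower alternative: granting local administrator on the one workstation that needs it. It assumes the ActiveDirectory RSAT module on the machine running the audit and the Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016 and later) on the target workstation. The `adm-` naming convention for dedicated admin accounts, the `CONTOSO` domain, the user `jdoe` and the computer `WS-0142` are illustrative assumptions, not values from the page.

```powershell
# Added example, not part of the original post.
# Assumes: ActiveDirectory RSAT module; LocalAccounts module on the workstation;
# dedicated admin accounts follow an "adm-" naming convention (illustrative only).

Import-Module ActiveDirectory

function Get-DomainAdminUserFindings {
    # Returns every user account that is effectively a Domain Admin but is not a
    # dedicated admin account. -Recursive matters: a user sitting in a group that
    # is nested inside Domain Admins is just as privileged as a direct member.
    param(
        [string] $AdminAccountPattern = 'adm-*'   # assumption: your naming convention
    )

    $effectiveAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties Enabled, LastLogonDate, PasswordLastSet

    $findings = @($effectiveAdmins | Where-Object { $_.SamAccountName -notlike $AdminAccountPattern })

    Write-Host "Effective Domain Admins: $(@($effectiveAdmins).Count)"
    Write-Host "Everyday user accounts holding Domain Admin: $($findings.Count)"

    $findings | Select-Object SamAccountName, Enabled, LastLogonDate, PasswordLastSet
}

function Grant-WorkstationLocalAdmin {
    # The corrected model: make the user an administrator of their own machine only.
    # The account gains no rights on servers or on the domain itself.
    param(
        [Parameter(Mandatory)] [string] $ComputerName,   # e.g. 'WS-0142' (assumption)
        [Parameter(Mandatory)] [string] $Account          # e.g. 'CONTOSO\jdoe' (assumption)
    )

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        # Idempotent: skip if already a member.
        $members = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
        if ($members -notcontains $using:Account) {
            Add-LocalGroupMember -Group 'Administrators' -Member $using:Account
        }
        Get-LocalGroupMember -Group 'Administrators'
    }
}

# Usage:
#   Get-DomainAdminUserFindings | Format-Table -AutoSize
#
#   # Move one user from the domain-wide group to a single workstation:
#   Grant-WorkstationLocalAdmin -ComputerName 'WS-0142' -Account 'CONTOSO\jdoe'
#   Remove-ADGroupMember -Identity 'Domain Admins' -Members 'jdoe' -Confirm:$false
```

Run the audit first and treat every row it returns as a finding. When removing accounts from Domain Admins, do the workstation grant before the removal so the user is never locked out of their own machine. For more than a handful of machines the same local-Administrators grant is better expressed centrally through Group Policy rather than per-workstation, but the principle is the same: the right is scoped to the computer the user works on, not to the domain.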