
The Four Most Dangerous Security Myths

"Network security has a particular affinity for myths," he says. "It's hard to change an opinion once it's made, and a lot of IT and security professionals have based their opinions on received wisdom. They've heard about security risks, but they haven't tried it for themselves. Some of these opinions might have been based on reality but are no longer valid, and some is just based on what we've been told."

What they've been told is often only partly true, if at all, he says. It's often based on misconceptions and preconceptions. These myths can lull organizations into a false sense of security or distract them from the real business at hand. Either way, they are legion, though Peltier says that any organization serious about security can address the handful of the biggest and most egregious myths through a combination of experience and common sense.

"If you look at most other disciplines, you see facts and statistics to back things up," he says. "That's not always true about security. It's not enough to just hear about something, you have to check it out for yourself."

To help you separate truth from fiction, here are four of the most dangerous security myths.

1. Patches always fix the security hole: Peltier is particularly troubled by the complacency he sees surrounding patching. "An awful lot of people think that, once you've applied a security patch, you'll be okay," he says. "That just isn't true. Sometimes it works, sometimes it moves the vulnerability somewhere else, and sometimes it creates a new hole."
