+ Post New Thread
Results 1 to 4 of 4
IT News Thread, Study found that schools have most vulnerable web servers in Other News; Study found that schools have most vulnerable web servers A study done by Whitehat Security found that educational institutions were ...
  1. #1
    p858snake's Avatar
    Join Date
    Dec 2008
    Thank Post
    Thanked 175 Times in 151 Posts
    Blog Entries
    Rep Power

    Study found that schools have most vulnerable web servers

    Study found that schools have most vulnerable web servers
    A study done by Whitehat Security found that educational institutions were the most likely to be vulnerable while banks and healthcare institutions were the least vulnerable.

    According to NetworkWorld, the study is based off of data from 400 organizations that use the company as their web vulnerability management firm. They found that 71% of schools tested had vulnerabilities on their web servers all the time, in contrast to only 16% of banks had servers that remained unpatched. Whitehat said,

    "While no industry approached anywhere near zero for an annual average, banking, health care and manufacturing performed the best out of all the industries with 30, 33 and 35 serious vulnerabilities respectively per Web site during 2010 for a rough average of 2.5 or so vulnerabilities per month, on the opposite end of the spectrum, Retail, Financial Services and Telecommunications, whose Web sites had the most reported issues, measured 404, 266 and 215 serious vulnerabilities per site -- or between 18 and 34 per month."

    Being vulnerable can lead to a lot of different attacks, but the most common were information leakage and content spoofing. Both of these would allows an attacker to steal user information thinking they are giving to a trusted source rather than to the creator of the spoofed content.

    The good news from this study is that you can count on your bank to do its best to make sure your financial information is secure, they have the fastest patch time of all industries. Within 13 days of a vulnerability cropping up, the server is patched. The complete opposite can be said that for the telecommunications industry, they take an average 205 days to patch a vulnerability. The average for all businesses to get around to patching their vulnerabilities is 116 days.
    Source: Neowin

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Thank Post
    Thanked 1,811 Times in 1,559 Posts
    Blog Entries
    Rep Power
    Quote Originally Posted by p858snake View Post
    Study found that schools have most vulnerable web servers

    Source: Neowin
    Myself, as soon as windows updates are released the first thing i put them on is any public facing servers.
    Last edited by FN-GM; 17th March 2011 at 10:23 AM.

  3. #3

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Preston, Lancashire
    Thank Post
    Thanked 2,302 Times in 1,063 Posts
    Blog Entries
    Rep Power
    Hmm. Which country was this report based on though. Many UK schools have their websites hosted for them, and in the case of some LEAs patching of servers (OS/web OS) and the underlying site software itself can be sporadic at best. The system seems to be 'All the web sites are working, let's not do anything to upset that now'. With IT support now covering many areas (long gone ae they days when you can know lots about everything you come into contact with) and a lack of dedicated (and trained) web support staff within schools would end up producing results like this. IMHO, it comes down to training, if schools are not willing to train their IT staff with teh same kind of training opportunities available to teaching staff then it is hardly surprising that things liek this occur.
    Besides, when a web security company does a survey declaring that a certain area is 'at risk' you can be sure there is an alterior motive for selling the services they provide to that 'at risk' area. If you are patched and your server access is set correctly then there is pretty much nothing else you can do until new vunerabilities are found and solutions provided.

  4. #4

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Thank Post
    Thanked 1,214 Times in 761 Posts
    Rep Power
    Usual rubbish tech reporting. Original story is from NetworkWorld and misquotes some out-of-context figures. A Neowin staffer then basically lifted the entire article out of his RSS reader* without fact-checking or adding anything but his own opinions.

    Take a look at the full report. First, it has an 'Education' category, not 'Schools', so we're almost certainly looking at universities here too.

    Second, education may have scored worst on exposure window, but saying 'banking' did the best is slightly misleading since they separate it from the significantly worse-off 'financial services' category, which the layperson would naturally assume were the same thing.

    Third, take a look at page 5 for the average number of vulnerabilities. Education does quite well, while financial services are the second worst on there.

    Fourth, their methodology (page 11) is poorly explained. No demographics data to speak of, so we have no idea of the geographic location of the organisations checked. They do say that only about 400 organisations in total were checked, but there's no breakdown of the number of organisations in each category. If we assume an equal spread across their categories, we could be looking at only 40 education establishments. Hardly a representative sample, is it?

    *How do I know this? The author left the ?source=nww_rss query parameter in the link he posted.
    Last edited by AngryTechnician; 17th March 2011 at 10:09 AM.

+ Post New Thread

Similar Threads

  1. Web 2.0 Committee in Schools
    By HTCIT in forum Group Project
    Replies: 7
    Last Post: 8th April 2010, 08:31 PM
  2. Student Web Servers
    By OllieC in forum Windows
    Replies: 8
    Last Post: 25th February 2010, 01:57 PM
  3. Web servers why is everybody using joomla
    By gibbo_ap in forum Web Development
    Replies: 5
    Last Post: 5th November 2007, 03:34 PM
  4. Urgent: Support vulnerable Children
    By russdev in forum Blue Skies
    Replies: 11
    Last Post: 12th June 2007, 04:35 PM
  5. Becta: Study of Thin Client technology in schools
    By CyberNerd in forum School ICT Policies
    Replies: 5
    Last Post: 12th May 2007, 01:11 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts