Surprise is the word i will use often when i step into a customer organization and realized how lack of security knowledge the IT administrator is. I will start off my blog touching on the basic of security from the desktop to the parameter... Note that i will not be going in the details of security each point. This is just a guideline to the "newbie" administrators out there that probably do not know what is needed to be secured in their network.
To simplified things, I will break down the network into 2 parts.
-End Point refering to the Desktop/Servers (Part 1)
-Parameter refering to the line where it separate the internal network from the external internet. (Part 2)
**Mid level security such as usage of VLANs or Network access security will not be mention in this blog. It will be touch in my later entries.
End Point Security Guideline
Till these day, there people who think that risk only come from external factor and therefore spend thousands of dollar securing their parameter and leaving the desktop open to risk. This is a extremely wrong concept as today's risk doesn't come from external alone.
Desktop is open to various type of risk such as data theft, virus, hack tool, etc. In today modern technologies, IT gadget are getting smaller and cheaper. A USB flash drive coming in the form of a pen only cost SGD10.00 can is easily available off the shelves. Such device are brought easily into any corporate office and any system that is not secured would have its data downloaded into the devices easily. Issues about resigned employees stealing data is very real or unhappy employees injecting virus to the production environment is very common.
Desktop has to be installed with Anti virus to keep itself away from virus. I will not elaborate on the anti virus as i assume everyone know the important of having a updated anti virus on its desktop. I will instead elaborate on securing of endpoints ports (E.g USB, Bluetooth, Infra, etc) something that many administrator are unaware of. Desktop ports can secure with various method such as using registry to lock up the various physical port in the notebook or computer. This method is free as no third party software is needed. But the administrator doing it must have pretty good knowledge of the registry setting and keep a tidy and huge record of the computers that registry had been changed. Alternatively, there are third party software in the market that provide the administrator a cool and user friendly interface to do the job above.
Such software normally allow the administrator to decide what are the ports (E.g USB, Bluetooth, Infra, etc) to be allow for use. Informations transferred across the system to the external are also audited. This is to prevent employees from copying sensitive informations and deny doing it. A better End point security software will even encrypt the data leaving the system to the external device. This is to prevent data from falling to the wrong hand should the device be stolen or lost.
As a best practice, the administrator should only allow company register external device to be allow for use in the end point, all data transfer should be logged and all data leaving the system to the external device should be encrypted.
Hardening of Desktop/Servers
Beside the usage of Endpoint software to locked down the ports and control the usage of external devices, there are also some simple practices that we should look into;
1) Password control - Password policy should be in place to prevent un-authorized access.
2) Remote administration - should be disable to prevent un-authorizes access
3) Administrators rights - Proper rights should be assign to user of the workstation
4) Guest account - Guest account and additional account should be disable.
5) Unauthorized Notebook, workstation should not be allow access to the LAN
6) All security vulnerability should be patched
7) Unuse ports should be closed.
I hope this blog can be useful to some in the light of Desktop security..
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment