Security | Bach Seat

Tag Archive for Security

RB | June 7, 2005

Comments Off

Anti-Spyware Best Practices

·Anti Spy-ware Best PracticesMake a spyware protection company policy. To protect your business’s best interests, anti-spyware protection should be required software on every computer.

Use more than one anti-spyware application

Regardless of what anti-spyware vendors claim, you almost always need more than one program to protect against a lot of adware and spyware. Experts say the best protection you can get is only probably around 70% using a combination of the two leading anti-spyware programs.

Use a centrally managed anti-spyware solution

Centrally managed software usually works best for companies with more than just a handful of computers. Spyware protection is no different. There are several vendors, such as Webroot and CA, which offer such software. If you have roughly 10 or more Microsoft (MSFT) Windows-based computers and want to save time, effort, and money in the long term, you should definitely consider this route.

Use a layered defense

The best defense against any information threat is a layered defense. You have a greater chance of defending against spyware if you use anti-spyware software combined with anti-virus software, personal firewalls, and host anomaly detection/intrusion prevention software. You can even help prevent infections at the network perimeter by utilizing spam and content filtering for inbound emails.

Lockdown your systems

A spyware defense that deserves separate mention is to configure Windows and Internet Explorer to be more secure. There are simple things you can do that will make a world of difference. For starters, make sure your systems are configured to be “hardened” from the elements. Roberta Bragg has written extensively on this topic at SearchWindowsSecurity.com. These hardening tricks are very easy to implement, and you can even push a lot of them out via Active Directory Group Policies.

Also, configure Internet Explorer (or whichever browser you use) to have pop-up blocker protection. This feature is built into most new browsers, and there are several well-known third-party applications for this. A good one for Internet Explorer is the free Google toolbar. It not only blocks most pop-up ads that harbor spyware, it also serves as a quick and convenient way to perform Google queries while browsing the Internet.

Use a more secure browser

Internet Explorer is a huge target for pop-ups, phishing, executable code, and other hacker vectors. If possible, use a more secure Web browser such as Firefox or Opera. These browsers likely have 99% or more of the functionality your users need with less hassle.

Install anti-spyware protection before new computers are deployed

Rather than installing spyware protection and cleaning utilities after you suspect infections, put it on systems before they’re deployed into the wild. For existing systems, simply install your favorite anti-spyware application such as Spybot Search and Destroy, Ad-Aware, or PestPatrol (or a combination of two or more). Let the software clean your systems and simply keep it running full-time in the background to act as a preventative layer to keep your systems protected.

Protect every Windows-based system on your network

Anti-spyware software is no longer just for workstations – it needs to be on servers, laptops, and any system running Windows – regardless of whether or not they are networked. Windows is the OS of choice for most spyware infections (at least for now) so make sure every single Windows-based system has protection.

Remote users might not be receiving updates

If you have remote users, remember that their systems may not be receiving the proper anti-spyware and other software updates.

Educate your users

User gullibility, ignorance, and carelessness are the main causes for infection. People clicking “yes” or “OK” in pop-up windows allowing software to be installed opens up the floodgates. Downloading and running seemingly innocuous programs doesn’t help the cause either. Educate your users on what to do and what not to do. Give them examples of what can happen when spyware infects a computer and how that relates to their everyday job functions. It’s amazing how much buy-in you can get using this technique.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: 2005, Ad-Aware, Malware, Microsoft, MSFT, Security, Spybot – Search & Destroy, Spyware, Windows

RB | June 3, 2005

Comments Off

Network Security Layering

Most companies are prepared for threats to their networks from the outside world. However, security breaches from within the corporation often pose the biggest concern. In this post-Enron world of increased corporate governance, IT managers must deal with both technical and human challenges to meet their companies’ security requirements. New legislative mandates, such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, and the Graham-Leach-Bliley Act, also exist.

When considering securing a network, it’s essential to take a holistic approach, from the physical layer to the application layer. Thorough security policies, appropriate authentication mechanisms, and effective user education must complement the technologies implemented within the network.

The security-layering concept allows for variable-depth security. Variable-depth security occurs when each security level builds upon the capabilities of the layer below, resulting in more stringent security moving up through the layers. This can help protect organizations from security breaches that may come from within, as layering provides multiple measures of security controls.

The first security layer: VLANs

At the first layer, essential network compartmentalization and segmentation can be provided by virtual LANs. This allows various business functions to be contained and segmented into private LANs. Traffic from other VLAN segments is strictly controlled or prohibited. Several benefits may be derived from deploying VLANs for small to midsize businesses across the company’s multiple sites. These include the use of VLAN “tags.” VLAN tags allow traffic segregation into specific groups, such as finance, human resources, and engineering. It also prevents the separation of data without “leakage” between VLANs as a required element for security.

The second layer: Firewalls

The second layer of security can be achieved with perimeter defense and distributed firewall-filtering capabilities at strategic points within the network. The firewall layer allows the network to be further segmented into smaller areas, monitors it, and protects against harmful traffic from the public network. In addition, an authentication capability for incoming or outgoing users can be provided. The use of firewalls provides an extra layer of protection that’s useful for access control. The application of policy-based access allows the customization of access based on business needs. Using a distributed firewall approach affords the added benefit of scalability as enterprise needs evolve.

The third security layer: VPNs

Virtual private networks, which offer a finer detail of user access control and personalization, can be added as a third layer of security. VPNs offer fine-grain security down to the personal user level and enable secure access for remote sites and business partners. With VPNs, dedicated pipes aren’t required since the use of dynamic routing over secure tunnels over the Internet provides a highly secure, reliable, and scalable solution. VPNs with VLANs and firewalls allow the network administrator to limit access by a user or user group based on policy criteria and business needs. VPNs give more robust assurance of data integrity and confidentiality, and strong data encryption can be enacted at this layer to provide more security.

The fourth layer: Solid security practices

Best practices by the IT security team are yet another level in a layered network security strategy. This can be achieved by ensuring that operating systems are protected against known threats. (This can be accomplished by consulting with the operating system manufacturer to get the latest systems-hardening patches and procedures.) In addition, steps must be followed to ensure all installed software is virus-free.

Securing network management traffic is essential to ensuring the network. To protect HTTP traffic, it’s preferable to encrypt all management traffic at all times using the IPsec or Secure Sockets Layer protocol. Encryption is a must even if traffic travels on the local-area network.

Category: Uncategorized | Tags: 2005, Best practices, Encryption, Firewall, HIPAA, IPsec, LAN, RADIUS, Risk, Security, SNMP, SOX, SSL, VLAN, VPN

S	M	T	W	T	F	S
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

Bach Seat