Saturday, February 9, 2013

Security+ Topic - Workstations

Did you try turning it off and back on again? I bet you have said that more than once, no matter your line of work. Any node on your network needs to be protected by security measures, and today we are looking at workstations. Younger system admins and network admins may look at a workstation as the end user's little home and not want to mess with it, but I tell you now: lock them down! More network and system issues come from those pesky things than anywhere else. Users on your network can be either very tricky or very stupid. Either way, they somehow always manage to bring some unwanted software onto your network. You should own and protect those pesky workstations just as much as you do your beloved company servers.


The main goal here is operating system hardening. Whether you know it or not, there will always be little holes in your system from the start, and even after you think you have your system locked down as tight as possible. Well, OK, maybe if you disconnect from the network and remove any possible way of adding or removing media, then that would help. The bottom line here is that every system can be compromised, and it is up to you to try to mitigate that threat. Here I will cover some of the main ways to deal with these little problem children.


Software, software, software. I don't know how many times I have gotten the request from users to install some software just for fun on their computer. They say it's safe and that they just want it to play music or to have something to do while they are waiting on something from someone else. The bottom line here is that you need to create a software policy signed off by your management. Having a document in place that says exactly what can be on someone's computer, with a list of case-by-case software, makes your job so much easier. When John Doe comes in asking about software, you just show him the list of approved software and that it was signed off by management; he has no other avenue of complaint.


Services. There are some helpful services and then there are some not-so-helpful ones. Why would your end user need to be running a web server from their workstation? If they are a web designer, then OK, I get it, but otherwise you are opening yourself up to exploitation. Problems are found every day with older web servers, and if these are on your network unchecked then they present a potential problem. We are all great at keeping our servers up to date, but some software on workstations will slip through the cracks and not get updated, ever.


It comes down to the obvious here. When you are taking a look at your network, make sure to scan each segment and look for things that are out of the ordinary. Make yourself a baseline of what a computer should look like and it will make your job easier. Take the results of your scan and compare them to your baseline to find computers that are out of the ordinary. If something is legitimately needed on your network, then add it to an exception list. If not, take action right away to address anything that looks funny. You never know; your network could already be transmitting confidential information to the competitors.

-- Joe McShinsky
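
The baseline comparison described above, as an added example that is not part of the original post. It assumes the scan results are in nmap's grepable (`-oG`) format, which the post does not specify; the hosts, ports, baseline and exception list are all constructed.

```python
# Added example: compare scan results to a workstation baseline.
# Assumption: input is nmap grepable (-oG) output. All values are constructed.
SCAN = (
    "Host: 10.0.5.21 (ws-021)\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///\n"
    "Host: 10.0.5.22 (ws-022)\tPorts: 80/open/tcp//http///, 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///\n"
    "Host: 10.0.5.23 (ws-023)\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, 8080/open/tcp//http-proxy///\n"
    "Host: 10.0.5.24 (ws-024)\tPorts: 135/filtered/tcp//msrpc///, 445/open/tcp//microsoft-ds///\n"
)

# What a standard workstation is expected to expose (hypothetical baseline).
BASELINE = {(135, "tcp"), (445, "tcp")}
# Approved per-host exceptions, e.g. the web designer's workstation.
EXCEPTIONS = {"10.0.5.22": {(80, "tcp")}}


def parse_grepable(text):
    """Return {host_ip: {(port, proto): service}} for ports in state 'open'."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip nmap's '#' comment lines
        fields = line.split("\t")
        open_ports = hosts.setdefault(fields[0].split()[1], {})
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # entry layout: port/state/protocol/owner/service/rpcinfo/version/
                port, state, proto, _owner, service = entry.strip().split("/")[:5]
                if state == "open":
                    open_ports[(int(port), proto)] = service
    return hosts


def find_deviations(hosts, baseline, exceptions):
    """Return {host_ip: [(port, proto, service), ...]} for unapproved open ports."""
    findings = {}
    for ip, open_ports in sorted(hosts.items()):
        allowed = baseline | exceptions.get(ip, set())
        extra = sorted((port, proto, svc) for (port, proto), svc in open_ports.items()
                       if (port, proto) not in allowed)
        if extra:
            findings[ip] = extra
    return findings


if __name__ == "__main__":
    for ip, extra in find_deviations(parse_grepable(SCAN), BASELINE, EXCEPTIONS).items():
        for port, proto, service in extra:
            print(f"{ip}: unexpected {port}/{proto} ({service})")
```
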