Did you try turning it off and back on again? I bet you have said
that more than once no matter your line of work. Any node on your
network needs to be protected by security measures and today we are
looking at workstations. Younger system admins and network admins
may look at the workstations as the end users little home and not
want to mess with them but I tell you now; lock them down! More
network and system issues come from those pesky things than anywhere
else. Users on your network can be either very tricky or very
stupid. Either way they somehow manage to always bring in some
unwanted software onto your network. You should own and protect
those pesky workstations just as much as you do your beloved company
servers.
The main goal here is operating system hardening. Whether you
know it or not there will always be little holes in your system from
the start and even after you think you have your system locked down
as tight as possible. Well, ok, maybe if you disconnect from the
network and remove any possible way of adding/removing media then
that would help. Baseline here is that every system is able to be
compromised and it is up to you to try and mitigate that threat.
Here I will cover some of the main topics as to how to help with
these little problem children.
Software, software, software. I don't know how many times I have
been gotten the request from users to install some software just for
fun on their computer. They say its safe and that they just want it
to play music or for something to do while they are waiting on
something from someone else. Bottom line here is that you need to
create a software policy signed off by your management. Having a
document in place that says exactly what can be on someones computer
with a list of case-by-case software makes your job so much easier.
When John Doe comes in asking about software, you just show them the
list of approved software and that it was signed off by management,
they have no other avenue of complaint.
Services. There are some helpful services and then there are some
not so helpful. Why would your end user need to be running a web
server from their workstation? If they are a web designer then ok I
get it but otherwise you are opening yourself up for exploit.
Problems are found every day with older web servers and if these are
on your network un-checked then they present a potential problem. We
are all great at keeping our servers up-to-date but some software on
workstations will slip through the cracks and not get updated, ever.
It comes down to the obvious here. When you are taking a look at
your network make sure to scan each segment of your network and look
for things that are out of the ordinary. Make yourself a baseline of
what a computer should look like and it will make your job easier.
Take the results of your scan and compare it to your baseline to find
computers that are out of normal. If it is legitimately needed on
your network then add it to an exception list. If not, take actions
right away to address something that looks funny. You never know;
your network could already be transmitting confidential information
to the competitors.
-- Joe McShinsky
Saturday, February 9, 2013
Subscribe to:
Posts (Atom)