Securing Moving Targets
by Caroline Ikomi, CISSP, Technical Manager at Check Point - Monday, 25 February 2008.
However, policies alone are not enough. How should they be backed up and enforced? This is the role of port control solutions, which can automatically block a USB device that does not comply with the corporate security policy, or prevent the transfer of certain files or file types. An example of a corporate security policy would be to allow encrypted USB devices from an authorised user, but not an iPod or a mobile phone. Again, the ability to manage the security policy centrally will be a key requirement for the security department, since in a large environment it would not be unusual to have thousands of USB devices. Once the data is encrypted on an authorised device, it must remain accessible to the organisation, if required, through central administration of the system.

At the end(point)

This leads us to the third area of endpoint security. How do we protect the data on the machine from software threats such as application-level attacks or malicious code? The starting point for an effective endpoint security strategy is for every machine to run a firewall and antivirus protection with up-to-date signatures before it is granted a connection to the corporate network. The endpoint security client should also verify that the laptop is running the appropriate software patches, and include a Virtual Private Networking (VPN) client for secure transfer of corporate information back to the corporate infrastructure. As with all endpoint security, it is important that this is managed centrally. Other key points that should form part of the endpoint security plan are:
  • Client lockdown, to prevent mobile users and attackers from disabling endpoint security or the enforcement of network access policy. The ability to deliver comprehensive, assured endpoint security and policy compliance across the enterprise is what allows threats to be defeated.
  • Inbound threats: laptop PC ports should be opened only for authorised network traffic, and the client should block network intrusion attempts; port stealthing hides endpoint PCs from port scans.
  • Outbound threats: preventing unauthorised applications and malicious code from capturing enterprise data and sending it out to hackers.
  • Email protection: this includes quarantining suspicious email attachments and inappropriate email – whether by network-based software or an in-the-cloud service – to help prevent address book hijacking.

Management matters

With endpoint security, each time we touch the remote device it costs the organisation, so the ability to centrally manage the security policy of the remote security solution will be a key factor in deciding on a solution. Security without easy, central control by IT administrators leads to holes in defences – holes which will eventually be exploited. Don’t underestimate the importance of management.

Looking specifically at the management issues around full disk encryption, ensure the solution you choose to deploy lets IT staff easily perform day-to-day functions, such as resetting users' and administrators' passwords and PINs. Make no mistake: many users will forget or lose their authentication details, so re-issuing these needs to be simple and secure. Furthermore, IT staff will regularly need access to users’ machines for routine upkeep tasks such as software patches and updates, so administrator access similarly needs to be secure and easy to manage.

For broader management of all endpoints, desirable management capabilities include the ability to exclude users or allocate specific user permissions; to create user groups; to push updates automatically; to integrate with existing LDAP or Active Directory infrastructures; and to set configuration essentials such as user passwords, password lengths and strengths, retry attempts, lockout times and user recovery options. The other essential management issue is quick access to comprehensive audit and event logs, which give an audit trail of user and network events such as users changing passwords, failed login attempts, or errors occurring. This visibility is essential from both a management and a compliance standpoint.
