At the end(point)
This leads us to the third area of endpoint security. How do we protect the data on the machine from software threats such as application-level attacks or malicious code? The starting point for an effective endpoint security strategy is for every machine to run a firewall and antivirus protection with up-to-date signatures before it is granted a connection to the corporate network. The endpoint client should also ensure that the laptop is running the appropriate software patches, and should include a Virtual Private Networking (VPN) client for secure transfer of corporate information back to the corporate infrastructure. As with all endpoint security, it is important that this is managed centrally. Other key points that should form part of the endpoint security plan are:
- Client lockdown: prevent mobile users and attackers from disabling endpoint security or the enforcement of network access policy. Only when endpoint security and policy compliance are comprehensive and assured across the whole enterprise can threats reliably be defeated.
- Inbound threats: the host firewall should open laptop PC ports only for authorised network traffic and should block network intrusion attempts; port stealthing (not responding at all on closed ports) hides endpoint PCs from port scans.
- Outbound threats: prevent unauthorised applications and malicious code from capturing enterprise data and sending it outbound to hackers.
- Email protection: this includes quarantining suspicious email attachments and inappropriate email – whether by network-based software or an in-the-cloud service – to help prevent address book hijacking.
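The admission rule described above (firewall on, antivirus with current signatures, required patches installed, VPN client present before the laptop is let onto the corporate network) can be expressed as a small policy evaluator run against what the endpoint agent reports about itself. The following is an added example, not code from the article or from any product it discusses; the report schema, the patch identifiers, the signature-age threshold and the host names are all constructed for illustration.

```python
"""Endpoint posture check before network admission.

Added example, not from the original article: a policy evaluator that
applies the article's admission requirements to constructed device
health reports. Field names, thresholds, patch ids (placeholders) and
host names are assumptions.
"""
from dataclasses import dataclass, field
from datetime import date

# Policy thresholds (assumed values; in practice pushed from central management)
MAX_SIGNATURE_AGE_DAYS = 3
REQUIRED_PATCHES = {"KB-EXAMPLE-001", "KB-EXAMPLE-002"}  # placeholder ids
TODAY = date(2024, 6, 10)  # fixed so the example is deterministic


@dataclass
class HealthReport:
    """What the endpoint agent reports about itself (constructed schema)."""
    host: str
    firewall_enabled: bool
    av_enabled: bool
    av_signature_date: date
    installed_patches: set = field(default_factory=set)
    vpn_client_present: bool = False


@dataclass
class Decision:
    host: str
    admitted: bool
    failures: list


def evaluate(report: HealthReport, today: date = TODAY) -> Decision:
    """Return an admission decision; every unmet requirement is recorded
    so the help desk can tell the user exactly what to remediate."""
    failures = []
    if not report.firewall_enabled:
        failures.append("firewall disabled")
    if not report.av_enabled:
        failures.append("antivirus disabled")
    else:
        age = (today - report.av_signature_date).days
        if age > MAX_SIGNATURE_AGE_DAYS:
            failures.append(f"antivirus signatures {age} days old")
    missing = sorted(REQUIRED_PATCHES - report.installed_patches)
    if missing:
        failures.append("missing patches: " + ", ".join(missing))
    if not report.vpn_client_present:
        failures.append("VPN client not installed")
    return Decision(report.host, admitted=not failures, failures=failures)


# Constructed sample reports: one compliant laptop, two that are not
SAMPLE_REPORTS = [
    HealthReport("lt-0101", True, True, date(2024, 6, 9),
                 {"KB-EXAMPLE-001", "KB-EXAMPLE-002"}, True),
    HealthReport("lt-0102", False, True, date(2024, 5, 1),
                 {"KB-EXAMPLE-001"}, True),
    HealthReport("lt-0103", True, False, date(2024, 6, 9),
                 {"KB-EXAMPLE-001", "KB-EXAMPLE-002"}, False),
]


def quarantine_list(reports=SAMPLE_REPORTS):
    """Hosts to hold in a remediation network until they comply."""
    return [d.host for d in map(evaluate, reports) if not d.admitted]


if __name__ == "__main__":
    for r in SAMPLE_REPORTS:
        d = evaluate(r)
        print(d.host, "ADMIT" if d.admitted else "QUARANTINE", d.failures)
```

The evaluator collects every failed requirement rather than stopping at the first, which is what makes the decision actionable from a central console: the administrator sees the full remediation list per host without having to touch the device.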
With endpoint security, each time we touch a remote device there is a cost to the organisation, so the ability to centrally manage the security policy of the remote security solution will be a key factor in deciding on a solution. Security without easy, central control by IT administrators leads to holes in defences – holes which will eventually be exploited. Don’t underestimate the importance of management.
Looking specifically at the management issues around full disk encryption, ensure the solution you choose to deploy lets IT staff easily perform day-to-day functions, such as resetting users' and administrators' passwords and PINs. Make no mistake, many users will forget or lose their authentication details, so re-allocating these needs to be simple and secure. Furthermore, IT staff will regularly need access to users’ machines for routine upkeep tasks such as software patches and updates – so administrator access similarly needs to be secure and easy to manage.
For broader management of all endpoints, desirable management capabilities include the ability to exclude users or allocate specific user permissions; to create user groups; to push updates automatically; to integrate with existing LDAP or Active Directory infrastructures; and to set configuration essentials such as user passwords, password lengths and strengths, retry attempts, lockout times and user recovery options. The other essential management issue is quick access to comprehensive audit and event logs, which give an audit trail of user and network events such as users changing passwords, failed attempts to log in, or errors occurring. This visibility is essential from both a management and a compliance standpoint.
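To show what "quick access to comprehensive audit and event logs" buys the administrator in practice, here is an added example (not code from the article or any product it discusses) that parses a constructed audit-log format, summarises events per user, and flags users whose failed logins reached the configured retry limit. The line format, event names, host names and the retry threshold are assumptions made for the example.

```python
"""Summarise endpoint audit events: password changes, failed logins, lockouts.

Added example, not from the original article. The log line format
(timestamp, host, user=..., event=...), the event names and the retry
limit are constructed assumptions.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"user=(?P<user>\S+) event=(?P<event>\S+)$"
)
RETRY_LIMIT = 5  # assumed lockout threshold set in the central policy

# Constructed sample log, including one malformed line
SAMPLE_LOG = """\
2024-06-10 08:01:12 lt-0101 user=alice event=login_ok
2024-06-10 08:03:40 lt-0102 user=bob event=login_failed
2024-06-10 08:03:55 lt-0102 user=bob event=login_failed
2024-06-10 08:04:10 lt-0102 user=bob event=login_failed
2024-06-10 08:04:30 lt-0102 user=bob event=login_failed
2024-06-10 08:04:51 lt-0102 user=bob event=login_failed
2024-06-10 08:05:02 lt-0102 user=bob event=lockout
2024-06-10 09:15:00 lt-0101 user=alice event=password_changed
2024-06-10 09:20:00 lt-0103 user=carol event=recovery_used
this line is deliberately malformed and must be counted, not dropped silently
"""


def parse(log_text):
    """Return (events, parse_error_count). Malformed lines are counted so
    that gaps in the audit trail are visible rather than ignored."""
    events, errors = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            errors += 1
            continue
        events.append(m.groupdict())
    return events, errors


def summarise(events):
    """Per-user counts of each event type, e.g. {'bob': {'login_failed': 5, ...}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        counts[e["user"]][e["event"]] += 1
    return {user: dict(c) for user, c in counts.items()}


def flagged_users(summary, limit=RETRY_LIMIT):
    """Users whose failed logins reached the retry limit and need follow-up."""
    return sorted(u for u, c in summary.items()
                  if c.get("login_failed", 0) >= limit)


if __name__ == "__main__":
    events, errors = parse(SAMPLE_LOG)
    summary = summarise(events)
    print(f"{len(events)} events, {errors} unparseable lines")
    for user, counts in sorted(summary.items()):
        print(user, counts)
    print("flagged:", flagged_users(summary))
```

Counting unparseable lines, rather than skipping them, matters for the compliance use the article describes: an auditor needs to know not only what the log says but whether any of it could not be read.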