Today networks are facing more challenges than ever before. Users need to be more connected remotely and constantly up to date. If that isn't bad enough IT managers have to worry about the physical security of their equipment too. Stolen mobile communications such as smart phones and laptops pose some of the most immediate physical security threat. In 2007 a large retailer reported that a stolen laptop contained personal data of employees and customers.
Lost backup tapes have posed to be a significant breach as well. In 2008 a large financial services company announced a missing tape containing personal customer data, and in 2007 a driver for an offsite tape company reported missing an entire case of tapes containing nearly 10 years of personal financial data.
Though laptops and lost backup tapes pose significant threats to Network Security, the largest threat is employees themselves. Sure you have some cases where the employee is maliciously trying to cause undue harm upon the organization, but in most cases it's very innocent. Perhaps they're going on vacation and have their out of office reply forward to Gmail. Maybe they want to work from home on this one document so what's the harm in emailing it to them self or saving it on a USB thumb drive?
All the firewalls, intrusion detection systems, encrypted VPN tunnels, and RSA keys can't prevent employees from making poor choices. We can do our best with educating employees on proper and appropriate computer use but it is still our responsibility to assure they can't hurt themselves.
So what are some basic things we can do to protect ourselves?
1) Actually enforce the password policy. Most organizations have a password policy, some even dictate in the employee handbook - even less actually enforce it. Enforce your password policy for every employee. Force them to set passwords using characters, numbers. Be careful though that you don't go overboard. If you enforce a password policy that is too strict or too frequent users will end up writing it down on a sticky and taping it to the front of their monitor. Equally frustrating, as well as costly, will be the increase demand on the service desk for password resets.
2) Prevent users from emailing attachments outside the network. Since that is pretty extreme and unreasonable at least enforce that attachments must be encrypted.
3) Prevent mail from being forwarded outside your domain. Employees will shoot you with daggers in the hallways, but prevent them from forwarding emails outside your domain. In addition to preventing them from automatically forwarding emails to their personal email you will prevent the spread of more corny jokes across the world.
4) Disable USB flash drives. There are third party software applications that will block USB flash drive access, and Windows XP will even allow you to disable it through the deletion of registry keys and system files. Disable this access. It might make your job in IT more difficult, but it can prevent people from walking off with data.
5) Monitor user activity. Make sure you have adequate software to monitor your users. Monitor internet and email activity. Audit it regularly. It's better to know if you have a potential threat before it comes upon you.
6) Security Tokens. Forcing users to use a security token, or something similar, adds a layer of protection to your environment. Users will be forced to have this token as well as their password.
7) Encryption is your friend. Encrypt everything you plan to have offsite. Tapes, Laptops, etc.
8) Audit yourself. Don't be afraid to audit yourself and your data. It's important to understand our own flaws so we can address them.
9) Proper hardware. Make sure you have invested in and have properly configured firewalls. They are the key to your VPN access and the first line of defense in a security breach from the outside
10) Software updates and Virus Protection. A single vulnerability can bring down an entire network. Horror stories of the ILoveYou Virus brining entire exchange organizations down are legendary in our business. Make sure you do your due diligence. Far too few IT departments pay close enough attention to updates and the virus scanners on their networks.
11) Offsite Storage. I discussed earlier a couple of cases where tapes were lost by offsite storage. If you are large enough that you can invest in building your own offsite facility for company data that is great. If not make sure you are vesting your storage facility properly and adequately. Ask for reports of what is going on and demand audits of your tapes by a third party.
12) Enforce security policies. When a laptop or mobile phone goes AWOL have the system wipe itself after a predetermined amount of failed logins or other criteria. This will also encourage users to not lock their accounts out or forget their passwords.
There are a lot more things one can do to protect themselves when it comes to network security, but these are just some of the basics to get started. Network security is more than just complex passwords nowadays and breaches will happen. It's up to the CIOs and IT managers though as to how they respond to those breaches.
In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more
Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more
For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more
With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more