
Re: Basic Windows Security Question

Subject: Re: Basic Windows Security Question
Date: Wed, 30 Mar 2005 18:05:23 -0500

On Mar 29, 2005, at 4:20 PM, Andrew McIntosh wrote:

Hello Everybody,

I am curious to see the different suggestions for this scenario:

Suppose you have a small company of less than 100 employees. One of the
employees likes to bring his work home on occasion. He does so using a
USB thumb drive. One day he catches a [virus, worm, Trojan, spyware,
anything you can think of] at home and it winds up on his thumb drive,
which he in turn brings to the company network.

It is important to remember that ANY company, no matter how small, wisely invests in a security and auditing policy for their network, as well as the oft-overlooked disaster recovery plan (aka feces occurs). If employees and principals alike are not given clear guidelines for performing their work function, it opens the door to all manner of exposure for the company.


If only one of the employees likes to bring his work home, it seems that this is the anomaly and not the rule of employees there. The easiest method is to author a business policy to prevent this type of removal of company documents. It's clear that these documents are small, in that thumb drives are currently maxing in the 1GB range; it might be better to provide VPN access and have the employee log in from home to access his/her files.



The company certainly should have anti-virus software in place, which would fix that problem. But what if he unknowingly loads a key logging program that could capture private customer information? What do you suggest? Here is what I could think of so far:


If your users are given the appropriate permissions (aka NONE) this installation of outside software is easy to avoid.


Disable USB Port - That would solve the particular problem and create
other problems. For instance, substitute the thumb drive with a floppy
disk or CD. For obvious reasons you don't want to disable those as well.

Disable any hardware by profiles that doesn't fit into your organization's security policy.



Restrict user permissions - That could potentially prevent a program from installing itself, but it would also cause the user some grief if they need to install programs themselves, or even do simple things like changing personal settings.

The largest threat to any company is NOT external hacking; it's internal misuse and abuse that is the largest threat to data security. These people have access to sensitive business documents. Among the most important security considerations is privilege. In a Windows environment, I estimate it would be foolhardy to give users any permissions that could potentially wreak havoc with your hard work. The best bet is to give them NOTHING and dial up as required. In Windows, it's important to run at a lower level of privilege to avoid all of the latent cruft it seems vulnerable to at higher privilege levels. In-service training of users to utilize the 'Run As' command in Windows is quick and usually painless (the thoughtful admin will create the 'Run As' shortcuts ;) ). This will prevent a host of difficulties in your network.



Security Policy - Haven't looked into this yet, but maybe there is a way
to prevent the use of thumb drives and other specific devices through
security policy.

I'm hoping that you are hardening ALL Windows boxes before they go live with at least MBSA. Perhaps a bit of auditing would also help you track which users are ultimately responsible for the breach in policies you are about to work out with your corporate heads. :)



What do you think?

Thanks!

====================
amcintosh@ntad.com
====================
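
The two controls discussed in this thread (blocking removable storage by policy and keeping users out of the administrators group) can be checked per workstation. The script below is an added example, not part of the original messages; it assumes a Windows machine with PowerShell 5.1, and the -Enforce switch and property names are its own.

```powershell
# Added example: audit a workstation for removable-storage and privilege settings.
# Read-only by default; -Enforce disables the USB mass-storage driver (needs elevation).
param([switch]$Enforce)

$usbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

# 1. Removable storage: USBSTOR Start = 4 means the driver is disabled (3 = load on demand).
#    Deny_All = 1 is the Group Policy "All Removable Storage classes: Deny all access" setting.
$start   = Get-RegValue $usbStorKey 'Start'
$denyAll = Get-RegValue $policyKey 'Deny_All'

# 2. Least privilege: does this session hold administrator rights?
#    With UAC this is true only in an elevated session.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)

# Members of the built-in Administrators group (well-known SID S-1-5-32-544).
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
          Select-Object -ExpandProperty Name

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    UsbStorageDisabled  = ($start -eq 4)
    GroupPolicyDenyAll  = ($denyAll -eq 1)
    CurrentUser         = $identity.Name
    SessionIsAdmin      = $isAdmin
    LocalAdministrators = $admins -join '; '
}

if ($Enforce) {
    if (-not $isAdmin) { throw 'Run elevated (for example via Run As) to change the driver state.' }
    Set-ItemProperty -Path $usbStorKey -Name 'Start' -Value 4 -Type DWord
    Write-Output 'USBSTOR Start set to 4 (disabled).'
}
```

Run without arguments on each machine to collect the report; any ordinary user listed under LocalAdministrators is the case the reply warns about.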


