Five things you can do right now

According to today’s article by Roberta Bragg, computers are “a small part of information security”. Strong information security policy requires “a comprehensive plan that secures information wherever it resides—on the mainframe, on the Linux Web server, in the Active Directory, on a PDA, in or available through smart phones and in the hearts and minds of employees, contractors, partners and customers of your organization”.

Making security as easy and as pervasive as breathing won’t happen overnight. A security campaign should be mounted in at least two directions: “a) The big picture, and b) The intimate reality of your day-to-day work”.

IT security implementation consists of the following steps:

1. Create a Stronger Password Policy

There’s no reason you can’t impose policy-based restrictions on IT administrators or anyone who requires special access to servers. That includes those who do backups or hold admin privileges on a server in order to administer a database or other server application.
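One way to put a stricter policy on privileged accounts than on ordinary users is an Active Directory fine-grained password policy scoped to the admin groups. The script below is an added example, not code from Bragg's article or from the FindProtected blog; the policy name, the group names and the numeric limits are assumptions, and it needs the ActiveDirectory module on a domain at Windows Server 2008 functional level or later.

```powershell
# Added example (not from the original article): a fine-grained password
# policy (PSO) that applies only to privileged accounts, so administrators
# carry tighter rules than the domain-wide default. Names and limits are
# assumptions; adjust to your own policy. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$PolicyName   = 'PSO-PrivilegedAccounts'           # assumed policy name
$AdminGroups  = @('Domain Admins', 'Backup Operators', 'DBA-Admins')  # 'DBA-Admins' is a hypothetical group

# Lower Precedence wins when a user falls under several PSOs.
New-ADFineGrainedPasswordPolicy -Name $PolicyName -Precedence 10 `
    -MinPasswordLength 15 `
    -ComplexityEnabled $true `
    -PasswordHistoryCount 24 `
    -MinPasswordAge '1.00:00:00' `
    -MaxPasswordAge '60.00:00:00' `
    -LockoutThreshold 5 `
    -LockoutDuration '00:30:00' `
    -LockoutObservationWindow '00:30:00' `
    -ReversibleEncryptionEnabled $false `
    -ProtectedFromAccidentalDeletion $true

# Attach the PSO to the groups whose members need special access to servers.
Add-ADFineGrainedPasswordPolicySubject -Identity $PolicyName -Subjects $AdminGroups

# Verify: the resultant policy for a member of one of those groups should be
# this PSO, not the Default Domain Policy. 'jdoe' is a placeholder account.
Get-ADUserResultantPasswordPolicy -Identity 'jdoe' |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold
```

Applying the policy to groups rather than to individual users means a new backup operator or DBA inherits the stricter rules the moment they are added to the group, which is the point of making the restriction policy-based rather than a per-person arrangement.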

2. Lock Down Remote Administration

Where possible, use IPsec or other protected communications. You can also use IPsec to block access to the ports required by your remote administrative programs, and then permit access to those ports only from designated administrative workstations.

Require that computers with sensitive roles or data be administered from the console only, and enforce that by preventing administrative accounts from logging on to the computer across the network.

3. Lock Down Administrative Workstations

Designate certain workstations as administrative workstations and harden them: put them in a secured area, reinstall the operating system and add the latest service pack and security patches (do this off the network). Use IPsec or a personal firewall to control egress and ingress (what goes out and what comes in) and use software restriction policies to prevent the use of non-approved software. Use the workstations for administration only; no playing Solitaire, no e-mail.
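Steps 2 and 3 fit together: the server only accepts remote-administration traffic that comes from the designated administrative workstations, and only when IPsec has authenticated it. The script below is an added example, not code from Bragg's article or from the FindProtected blog; it uses the Windows NetSecurity cmdlets (Windows Server 2012 / Windows 8 and later), and the workstation addresses, port list and rule names are assumptions.

```powershell
# Added example (not from the original article): restrict the remote-
# administration ports on a Windows server to designated admin workstations
# and require IPsec authentication on that traffic. Run from an elevated
# prompt at the server console. Addresses, ports and rule names are assumptions.

$AdminWorkstations = @('10.10.5.21', '10.10.5.22')   # assumed hardened admin hosts
$AdminPorts        = @('3389', '5985', '5986')       # RDP, WinRM HTTP, WinRM HTTPS

# 1. Default inbound posture: anything without an explicit allow rule is dropped.
#    Windows Firewall evaluates Block rules ahead of Allow rules, so the source
#    restriction is done by narrowing the Allow rule, not by adding a Block rule
#    that would also catch the admin workstations.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 2. Disable the built-in, unscoped allow rules for RDP and WinRM so the
#    scoped rule created below is the only way in on those ports.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop'             | Disable-NetFirewallRule
Get-NetFirewallRule -DisplayGroup 'Windows Remote Management'  | Disable-NetFirewallRule

# 3. Allow the admin ports only from the designated workstations, and only for
#    connections IPsec has authenticated (-Authentication Required).
New-NetFirewallRule -DisplayName 'Admin ports - designated workstations only' `
    -Direction Inbound -Protocol TCP -LocalPort $AdminPorts `
    -RemoteAddress $AdminWorkstations -Authentication Required `
    -Action Allow -Profile Domain

# 4. Connection security rule: require IPsec for inbound traffic on those ports
#    (the default phase-1 method for domain members is Kerberos computer
#    authentication). Traffic that cannot be authenticated never reaches the
#    allow rule in step 3.
New-NetIPsecRule -DisplayName 'Require IPsec on admin ports' `
    -Protocol TCP -LocalPort $AdminPorts -RemoteAddress $AdminWorkstations `
    -InboundSecurity Require -OutboundSecurity Request

# 5. Verify what actually applies: the allow rule's address scope and ports.
Get-NetFirewallRule -DisplayName 'Admin ports - designated workstations only' |
    ForEach-Object {
        $_ | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
        $_ | Get-NetFirewallPortFilter    | Select-Object Protocol, LocalPort
    }
```

Run this at the console, not over RDP: step 2 disables the rule that is carrying your session. The "console only" part of step 2 in the article is a separate control, the "Deny access to this computer from the network" user right assigned to the administrative accounts through Group Policy, which this script does not set.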

4. Physically Secure All Systems

Keep servers locked up. Remove CD-ROM and floppy drives from computers in public areas. Provide traveling laptop users with cable locks. Make sure those with access to the data center don’t let others in. Don’t allow tailgating—the practice of following an authorized person into the data center. Teach security guards to look for contraband. (Even camera phones should be considered unacceptable in many organizations.)

5. Learn To Shut Your Mouth

It’s not rude to refuse to talk about issues that might compromise security. It’s good practice. Think of the security of your information systems as if you were protecting your family or your country. Don’t let a complaint, a need to impress people with your knowledge, or a request for help posted to a public list reveal more than it should.

Hardening networks isn’t a simple chore, nor is it one that can be done overnight. The key is to start right now. Remember: Hardened systems are secure systems.

This blog is run by the authors of FindProtected.
