Small Office


Jones Hardware of San Antonio, Texas, is a family-owned chain of hardware stores. There are ten stores in all, and one of the stores has some extra offices where a headquarters of sorts resides. Each store has two or three desktops, while the headquarters offices have ten desktops and one Windows server.

The computers at each store are used for point-of-sale transactions, to track inventory, to maintain employee schedules and payroll, and to place inventory orders with headquarters. The stores also have a shared digital subscriber line (DSL) Internet connection so that they can correspond with vendors via e-mail, connect to headquarters, and conduct Internet research. Jones Hardware relies pretty heavily on computers, but has no IT staff at all.

On a recent store visit, the CEO Stewart Jones found that two of the three computers were out of order. The sales clerks were issuing paper receipts, some items were out of stock because the inventory program wasn't available to prompt the store manager to order more, payroll was coming up, and the payroll program was on one of the broken computers. Nobody knew how to fix them.

Jones asked around and discovered that the out-of-order computers were crashing constantly because of virus and spyware infections. They had antivirus on them, but it wasn't being updated consistently. The store manager called a computer consultant to repair the systems periodically. The consultant was paid from the register.

This was a real problem. Jones asked a computer-savvy friend of his how to solve the problem, and the friend suggested that a HIPS might work.

Limiting Factors

If a HIPS were going to solve the problem, it had to do so without supervision of any kind. Jones Hardware couldn't afford to hire even a part-time IT person. Also, the solution had to work on the existing systems without any upgrades or additional hardware.

Security Policy Goals

The chain doesn't have a computer security policy of any kind. Jones did, however, want to establish some goals so that he could measure the success of the HIPS:

  • Reduce the virus and spyware infections by 99 percent

  • Reduce the computer consultant visits

Spyware

Spyware refers to software on your system that surreptitiously monitors your actions and activities (such as the web sites that you visit). It can also steal your identity or allow for the download of other malicious software. Most spyware is installed on your system without your knowledge.


HIPS Implementation

Jones brought the idea of using an IPS to the chain's regular computer consultant. The consultant thought it was an excellent idea and volunteered to select and implement a HIPS product. Jones wanted a high-level project plan and quote before he agreed. The plan was to include the following:

  • The target hosts

  • The management architecture

  • Any configuration suggestions

Target Hosts

All of the computers at Jones Hardware are to be protected by HIPS agents. The store computers are the most important systems, so they are implemented first. When the stores are finished, agents are put on the headquarters systems.

Management Architecture

One of the limiting factors is that the agents have to work without supervision. Therefore, the agents are unmanaged. They have no management server and no local user interface (UI). The consultant prepackages the agents with the configuration in his lab and installs them on Jones' computers.

This unmanaged approach presents some risk. Jones Hardware might require changes to the agent configuration at a future date and have no way to make them. Stewart Jones recognizes the risk, but prefers a theoretical risk over the demonstrated risk of viruses and spyware.

Agent Configuration

The store agents have a restrictive configuration while the headquarters agents take a balanced approach. The stores have a restrictive configuration because they are the most important computing resources Jones Hardware has. Sales might be lost when a store computer goes down. Also, they are running only a few legitimate business applications. If a false positive occurs, it is okay as long as the business applications work properly.

The headquarters agents have a balanced configuration. The users at headquarters are accustomed to having some level of control over their systems. Also, the users at headquarters are more computer literate, so they have some chance of repairing a machine that is infected. The store employees cannot be expected to repair their systems.

In either case, the primary goal of the configuration is to stop viruses, worms, Trojans, spyware, and adware. The agents use the Internet to automatically update any signatures they have. Once the agents are deployed, the consultant will come by periodically to make any needed configuration changes and to verify that the goal of reducing malware by 99 percent has been achieved.

NIPS Implementation

Because of the limiting factor that the IPS operates without supervision, Jones Hardware did not consider deploying a NIPS solution. A NIPS solution would require at least minimal resources to configure and manage the system on an ongoing basis.




Intrusion Prevention Fundamentals
ISBN: 1587052393