The Educated End User and Security Review Process
Your best defense at the workstation perimeter is truly an educated end user. Recent years have seen the rise of blended threats, where viruses drop Trojans, a machine is turned into a bot to be used in a larger attack on another system or systems, or rootkits, programs that were once seen only on UNIX systems, are introduced to the Windows administrator. Rootkits are designed to avoid detection while they silently gather data or perform other malicious tasks. Although the Windows administrator can control the workstations and ensure that antivirus and antispyware are kept up-to-date, the reality is that your best defense is a well-trained end user. Understanding social engineering attacks, choosing strong passwords, monitoring physical safety: all these are key elements that need help from the end users in your network.
So, what's the first step toward an educated end user? First and foremost is an acceptable use policy. Before you can set the security goals of your firm and put in place the technology tools to assist you in meeting these targets, you need to identify with the business owner what is deemed acceptable.
Is the firm you are consulting for bound by regulations to protect certain kinds of data? Is the data required to be handled and transmitted in a certain manner? Where is data stored throughout the network? All these questions need to be answered before you can set an acceptable use policy.
Sample policies can be found at the SANS.org website but need to be tailored to your needs and possibly reviewed by a human resources attorney. What does your firm consider acceptable in the office? Is unlimited instant messaging part of the acceptable business use of computer equipment at your firm? For some firms, IM is part of the business structure and is not considered a time waster. However, there should be guidelines and notification that conversations conducted on business equipment can be logged, reviewed, and tracked. For most firms, illegal downloading of digital assets is considered inappropriate at best, illegal at worst.
No other single device or technology can secure a network as well as an educated end user. As Steve Riley, Senior Security Product Manager for Microsoft, recommends, place security posters in bathroom stalls. You will have a captive audience because there won't be anything else for them to read (http://nativeintelligence.com/posters/security-posters.asp).
Consider rewarding employees for selecting strong passwords or conforming to best practices. Reward those who handle desktop data security appropriately.
Make sure that the staff is informed that only approved software is allowed and that only those parties who have the rights to download should be downloading. Stress to everyone in the office that they too are part of the security fabric of your network. As part of your managed services, consider providing information about common security hoaxes and scams on the Internet. Some of the best resources for staying aware of such scams include web resources such as Snopes.com and the Oops newsletter from Sans.org. You may want to consider sending monthly reminders to your clients about these social engineering issues.
Tables 10.6 and 10.7 present two sample checklists that can serve as memory joggers for you to think about this as an ongoing process that needs to be reviewed regularly.
Table 10.6. Monthly Security Checklist

| Issue | Done | Comment |
|---|---|---|
| Review help desk requests. | | |
| Discuss any security issues with client: malware/spyware, viruses. | | |
| Backup running and tested. | | |
| Disk space growth reasonable. | | |
| Daily monitoring email reviewed and all questionable items cleared. | | |
| Review ports open on firewall. | | |
| Review services running, memory use growth. | | |
| Review security bulletins for patch issues (at the top of each bulletin). Operating system patches deployed. Application patches deployed. | | |
| Hardware updates deployed. | | |
| Patch issue follow-up. | | |
| Review Microsoft Security Advisories. Take action as appropriate. | | |
| Run MBSA or other tool report checking that passwords have been updated per schedule. | | |
| Review hoaxes with clients. | | |
| Review junk mail levels and set IMF filter accordingly. | | |
| Perform test restore routine. | | |
| Perform image (if part of backup plan). | | |
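Several rows of the monthly checklist ask you to "review" something that only means anything in comparison with last month: services running, memory use growth, disk space growth, patches deployed. The script below is an added example, not material from the book, that writes a monthly snapshot of those items and diffs it against the previous month's snapshot so additions, removals and growth stand out instead of being eyeballed from a fresh listing. It assumes Windows PowerShell 5.1 on Windows 8/Server 2012 or later (for Get-NetTCPConnection and Get-CimInstance) and a writable C:\SecurityReview folder; both are assumptions. It lists the host's listening TCP ports as a stand-in for the firewall port review, which you still do on the firewall itself.

```powershell
# Added example (not from the book): snapshot the monthly checklist's
# "review" items and diff them against last month's snapshot.
# Assumptions: Windows PowerShell 5.1 on Windows 8/2012 or later,
# and a writable C:\SecurityReview folder.

$ReviewDir = 'C:\SecurityReview'
New-Item -ItemType Directory -Path $ReviewDir -Force | Out-Null
$Stamp   = Get-Date -Format 'yyyy-MM'
$Current = Join-Path $ReviewDir "snapshot-$Stamp.json"

# Collect the items the checklist asks you to review this month.
$Snapshot = [ordered]@{
    Services  = Get-Service | Where-Object Status -eq 'Running' |
                Select-Object -ExpandProperty Name | Sort-Object
    Listeners = Get-NetTCPConnection -State Listen |
                ForEach-Object { "$($_.LocalAddress):$($_.LocalPort)" } |
                Sort-Object -Unique
    Disks     = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
                ForEach-Object {
                    [pscustomobject]@{
                        Drive  = $_.DeviceID
                        FreeGB = [math]::Round($_.FreeSpace / 1GB, 1)
                        SizeGB = [math]::Round($_.Size / 1GB, 1)
                    }
                }
    Hotfixes  = Get-HotFix | Select-Object -ExpandProperty HotFixID | Sort-Object
    TopMemory = Get-Process | Sort-Object WorkingSet64 -Descending |
                Select-Object -First 10 Name, @{n='MB'; e={[math]::Round($_.WorkingSet64 / 1MB)}}
}
$Snapshot | ConvertTo-Json -Depth 4 | Set-Content $Current

# Find the most recent earlier snapshot to compare against.
$Previous = Get-ChildItem $ReviewDir -Filter 'snapshot-*.json' |
            Where-Object Name -ne (Split-Path $Current -Leaf) |
            Sort-Object Name | Select-Object -Last 1
if (-not $Previous) {
    Write-Host "First snapshot written to $Current; nothing to compare yet."
    return
}
$Old = Get-Content $Previous.FullName -Raw | ConvertFrom-Json

function Show-ListDiff($Label, $OldList, $NewList) {
    # '=>' marks entries present only in the new list, '<=' only in the old.
    $diff = Compare-Object @($OldList) @($NewList)
    Write-Host "== $Label (vs $($Previous.Name)) =="
    if (-not $diff) { Write-Host '  no change'; return }
    foreach ($d in $diff) {
        $tag = if ($d.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
        Write-Host "  $tag $($d.InputObject)"
    }
}

Show-ListDiff 'Running services'   $Old.Services  $Snapshot.Services
Show-ListDiff 'Listening TCP ports' $Old.Listeners $Snapshot.Listeners
Show-ListDiff 'Installed hotfixes'  $Old.Hotfixes  $Snapshot.Hotfixes

Write-Host '== Disk free space, GB (old -> new) =='
foreach ($d in $Snapshot.Disks) {
    $o = $Old.Disks | Where-Object Drive -eq $d.Drive
    $delta = if ($o) { [math]::Round($d.FreeGB - $o.FreeGB, 1) } else { 'n/a' }
    Write-Host "  $($d.Drive) $($o.FreeGB) -> $($d.FreeGB) of $($d.SizeGB) (change $delta)"
}

Write-Host '== Top processes by working set (MB) =='
$Snapshot.TopMemory | Format-Table -AutoSize | Out-String | Write-Host
```

Run it once a month from an administrative prompt on each server you review; the first run only writes the baseline. A newly ADDED listening port or service that nobody can account for is exactly the "questionable item" the checklist wants cleared, and a steadily shrinking free-space delta is the disk growth row answered with a number rather than a guess.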
Table 10.7. Annual Security Checklist

| Issue | Done | Comment |
|---|---|---|
| Review security policy for changes/revisions. | | |
| Review changes/additions to group policy settings based on security policy changes. | | |
| Discuss any security issues with client for yearly technology review. | | |
| Review updating/retirement of assets. | | |
| Review updating/retirement of applications. | | |
| Review maintenance agreements. | | |
| Review annual disk growth. | | |
| Perform full restore to alternative hardware as test. | | |
| Perform annual risk analysis. | | |
| Determine annual security budget. ARO x SLE = ALE (Annualized Rate of Occurrence x Single Loss Expectancy = Annual Loss Expectancy). | | |
| Review password change policy. | | |
| Run MBSA tool to review status of network. | | |
| Review insurance policies. | | |
| Perform a "what if the worst occurs" analysis: what is the risk of it occurring? | | |
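The budget row of the annual checklist gives the formula ARO x SLE = ALE but not how to turn it into a budget. The script below is an added example, not from the book, that carries the formula through a small constructed risk register and then applies the standard cost/benefit test for a proposed safeguard, which the page does not state: value of safeguard = ALE before the safeguard minus ALE after it minus the safeguard's annual cost. It also decomposes SLE into asset value times exposure factor (the fraction of the asset's value lost in one event), a common convention that is likewise not on the page. Every threat name, dollar figure and rate is constructed sample data.

```powershell
# Added example (not from the book): ARO x SLE = ALE over a constructed
# risk register, extended with the standard safeguard cost/benefit test:
#   SafeguardValue = ALE(before) - ALE(after) - annual safeguard cost
# SLE is taken as AssetValue x ExposureFactor (an assumption, not from the page).

function Get-Ale {
    param([double]$AssetValue, [double]$ExposureFactor, [double]$Aro)
    $sle = $AssetValue * $ExposureFactor          # Single Loss Expectancy
    [pscustomobject]@{ SLE = $sle; ARO = $Aro; ALE = $sle * $Aro }
}

# Constructed register. AV = asset value, EF = fraction lost per event,
# ARO = expected events per year; EfAfter/AroAfter are the estimates once the
# safeguard is in place, Cost is the safeguard's annual cost.
$Register = @(
    @{ Threat = 'Laptop theft';         AV = 4000;  EF = 1.0; ARO = 0.5;  EfAfter = 0.25; AroAfter = 0.5;  Cost = 600  }  # disk encryption
    @{ Threat = 'Ransomware on share';  AV = 50000; EF = 0.4; ARO = 0.2;  EfAfter = 0.05; AroAfter = 0.2;  Cost = 1200 }  # tested restores
    @{ Threat = 'Phished credentials';  AV = 20000; EF = 0.5; ARO = 1.0;  EfAfter = 0.5;  AroAfter = 0.25; Cost = 900  }  # awareness training
)

$Rows = foreach ($r in $Register) {
    $before = Get-Ale -AssetValue $r.AV -ExposureFactor $r.EF      -Aro $r.ARO
    $after  = Get-Ale -AssetValue $r.AV -ExposureFactor $r.EfAfter -Aro $r.AroAfter
    [pscustomobject]@{
        Threat         = $r.Threat
        SLE            = $before.SLE
        ARO            = $r.ARO
        ALE            = $before.ALE
        AleAfter       = $after.ALE
        SafeguardCost  = $r.Cost
        # Positive value: the safeguard saves more expected loss than it costs.
        SafeguardValue = $before.ALE - $after.ALE - $r.Cost
    }
}

$Rows | Format-Table -AutoSize
'Total ALE without safeguards: {0:N0}' -f ($Rows | Measure-Object ALE -Sum).Sum
'Budget for safeguards with positive value: {0:N0}' -f (
    $Rows | Where-Object SafeguardValue -gt 0 | Measure-Object SafeguardCost -Sum).Sum
```

With the sample figures, laptop theft has SLE 4000 and ALE 2000 (ARO 0.5), ransomware has SLE 20000 and ALE 4000, and phishing has SLE 10000 and ALE 10000, for a total ALE of 16000; all three safeguards come out with a positive value (900, 2300 and 6600), so the computed budget is their combined cost of 2700. A safeguard whose value is negative is not automatically rejected, but it has to be justified by the regulatory or "worst case" rows of the checklist rather than by expected loss.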
Use this monthly and annual review process to ensure that your desktop security goals are being met.