How to deal with 95% of your IT security problems
Whitelisting is a computer process (often times an application) used to prevent unauthorized programs from running and to protect computers from harmful applications as well as the network they are connected to.
Instead of attempting to block malicious files and activity, application whitelisting will only permit known good files. Essentially, whitelisting flips the antivirus model from a ‘default allow’ to a ‘default deny’ for all executable files. This is accomplished by creating a list of known or approved file hashes and only allowing files with approved hashed to execute. Thus only programs approved by the organization can run.
While the whitelisting concept is simple, the application of these principles can be anything but. Consider the operational and political challenges of a default deny model on desktop computers. Whitelisting provides the ultimate level of control over end user systems. This can be a great thing for security, but a big challenge in today’s world of open, creative workplaces. “Cultural issues and policies are still the single biggest obstacles. Users are accustomed to having control over their own PCs, and taking away some of their ability to make changes is more a cultural than a technical change. Organizations must build support for a continuum of control solutions and should never refer to such projects using the term “lockdown.”1
While the overall benefits of application whitelisting are clear, no technology can provide complete security.
2. Patch Applications:
In recent years, third-party applications have become the primary attack vector for new malware, and organizations have been slow to apply security updates for these applications.
3. Patch Operating Systems:
If your computer seems to be working fine, you may wonder why you should apply a patch. By not applying a patch you might be leaving the door open for Malware to come in. Malware exploits flaws in a system in order to do its work, while the time frame between an exploit and when a patch is released is continually getting shorter.
CERT/Coordination Center (CC)3 (http://www.cert.org) estimates that 95 percent of all network intrusions could be avoided by keeping systems up to date with appropriate patches. In an increasingly interconnected world, it is critical that system administrators keep their systems patched to the most secure level.
4. Restrict administrative Privileges:
The key is to give employees access only to what they need and when they need it. In most businesses, least privilege is often seen as a “lockdown” or other negative light. However with out least privilege one cannot ensure the first three steps are carried out appropriately. IT security has no chance of fully enforcing least privilege without complete buy-in from their non-IT colleagues that is where training and awareness comes in.
Training not only improves your organizations security, it promotes user buy in for future security initiatives.
Some steps to take when implementing a training program:
Remember, the goal of training is knowledge transfer and user buy in.