Best practices for endpoint security, Part 2

IT Best Practices Alert By Linda Musthaler, Network World
October 08, 2010 01:09 PM ET

Faycal Daira, CTO of SkyRecon Systems, and Bob Foley, president of Matrix Global Partners, spend their working days helping their customers tackle the tough job of keeping millions of endpoints protected. Last week, Daira and Foley gave us their best-practice tips on endpoint security using antivirus, device control, host IPS and behavioral protections. This week we dig a little deeper and look at how you can apply location awareness, network access control and application control to keep your endpoints, and ultimately your network, safe.

Best practices for application control

Cyber thieves take advantage of the areas of the operating system that change frequently to support legitimate applications: the same load points that let legitimate software start automatically also let malware persist and start at boot or logon. You must therefore secure the Windows registry locations that control automatic loading:

* AutoRun keys (Run and RunOnce)

* Internet Explorer ActiveX controls and add-on modules

* DLL injection into system processes (Winlogon, etc.)

* Windows services

* Drivers
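As an added example (not code from the article or from SkyRecon or Matrix Global Partners), the following Python script audits those auto-load locations the way a practitioner would check that an application-control policy is actually holding: it parses the text of a `reg export` of the relevant HKLM keys and reports every value that is new or changed relative to a known-good baseline. The two .reg fragments are constructed sample data and `ExampleCorp` is a placeholder; the key paths are the real Windows locations for Run/RunOnce, Winlogon, AppInit_DLLs, Browser Helper Objects and services/drivers. Values are compared as raw exported text, so real exports that encode REG_EXPAND_SZ as multi-line hex(2) data would need continuation handling before this comparison.

```python
import re
from typing import Iterator, List, Optional, Tuple

Entry = Tuple[str, str, str]  # (key path, value name, raw value text as exported)

# Auto-load locations named in the article, as HKLM key-path prefixes. Per-user hives
# (HKEY_USERS\<SID>\Software\...) carry their own Run/RunOnce keys and need the same audit.
WATCHED_PREFIXES: List[Tuple[str, str]] = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "AutoRun (Run/RunOnce)"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce", "AutoRun (Run/RunOnce)"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Winlogon load points"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows", "AppInit_DLLs injection"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects", "IE add-on modules (BHO)"),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services", "Services and drivers"),
]

_SECTION = re.compile(r"^\[(.+)\]$")                        # [HKEY_...\Key]
_VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')  # "Name"=value or @=value


def parse_reg_export(text: str) -> Iterator[Entry]:
    """Yield (key, name, raw_value) for each single-line value in .reg export text.
    hex(...) values continued over several lines with a trailing backslash are not joined here."""
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _SECTION.match(line)
        if m:
            key = m.group(1)
            continue
        m = _VALUE.match(line)
        if m and key is not None:
            yield key, (m.group(1) if m.group(1) is not None else "(Default)"), m.group(3)


def watched_label(key: str) -> Optional[str]:
    """Return the auto-load category for a key path, or None if it is not a watched location."""
    k = key.lower()
    for prefix, label in WATCHED_PREFIXES:
        p = prefix.lower()
        if k == p or k.startswith(p + "\\"):
            return label
    return None


def audit_autoloads(current_reg: str, baseline_reg: str) -> List[Tuple[str, Entry]]:
    """Return (label, entry) for each watched value that is new or changed since the baseline.
    Comparing the full (key, name, value) triple also catches a legitimate entry whose command
    line was altered, e.g. Userinit gaining a second executable."""
    baseline = {(k.lower(), n.lower(), v) for k, n, v in parse_reg_export(baseline_reg)}
    findings: List[Tuple[str, Entry]] = []
    for key, name, value in parse_reg_export(current_reg):
        label = watched_label(key)
        if label and (key.lower(), name.lower(), value) not in baseline:
            findings.append((label, (key, name, value)))
    return findings


# Constructed sample exports, not taken from a real system; ExampleCorp is a placeholder.
BASELINE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"Shell"="explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"ImagePath"="C:\\Windows\\System32\\spoolsv.exe"
"""

CURRENT_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Updater"="C:\\Users\\Public\\svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\hook.exe"
"Shell"="explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Users\\Public\\inject.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"ImagePath"="C:\\Windows\\System32\\spoolsv.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drvhelper]
"ImagePath"="C:\\Users\\Public\\drvhelper.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleCorp\App]
"Theme"="dark"
"""

if __name__ == "__main__":
    for label, (key, name, value) in audit_autoloads(CURRENT_REG, BASELINE_REG):
        print(f"[{label}] {key} :: {name} = {value}")
```

Run against the constructed data it reports four findings (the new Run entry, the altered Userinit command line, the populated AppInit_DLLs value and the new service image path) and ignores the unrelated ExampleCorp key; an export identical to the baseline produces no findings.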

Prevent applications from copying executables or scripts to network shares. This stops worms from spreading inside the corporate network through shared folders.

Prevent "Print Screen" and "Copy/Paste" within sensitive applications, such as financial and health-record applications.

Enforce a rule that allows only specific applications to save files to a remote server.

Best practices for location awareness

The level of security must be based not only on the user who is currently logged in, but also on the location from which the user is connecting and the context of the connection: the type of connection, how well secured it is, and so on.

In the case of a laptop, the machine should carry three different policy levels depending on its location: inside the corporate network, outside the corporate network, or connected through the corporate VPN. Other connection types may be blocked outright, such as an attempt to reach the Internet over an unsecured Wi-Fi connection that does not go through the corporate VPN.

To determine the location, you need a solution that can detect which network interfaces are active (this is mandatory for VPN control); can collect the machine's IP information (IP address, DNS servers, etc.); and can use local and network Active Directory information to determine the machine's type, role, groups and so forth. It is dangerous to use a simple server-presence test to establish the machine's location: if that server goes offline the location test fails, and every workstation switches to a false policy, behaving as if it were not connected to the corporate network.

Here is an example of location definitions that will fit most companies:

* Location Inside: only the LAN interface is active, and the workstation has authenticated against the directory (LDAP).

* Location VPN: the VPN interface is active and holds an address from the VPN subnet.

* Location Outside: neither Inside nor VPN.
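As an added example (not code from the article or from the vendors it quotes), here is a Python sketch of the location logic described above: it combines the active interfaces, their addressing and the result of a directory (LDAP) bind into the three locations, and separately flags the unsecured-Wi-Fi-without-VPN case that the article says may be blocked. The `Interface` record, the adapter kinds `lan`/`wifi`/`vpn`, the subnets and the four scenarios are all constructed for the example; in production these come from the endpoint agent and the network team.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Interface:
    name: str
    kind: str                          # "lan", "wifi" or "vpn": assumed adapter classification
    up: bool
    ip: Optional[str] = None           # assigned IPv4 address, None while unassigned
    encrypted: Optional[bool] = None   # Wi-Fi link encryption; None for non-Wi-Fi adapters


INSIDE, VPN, OUTSIDE = "inside", "vpn", "outside"

# Constructed addressing for the example; real values come from the network team.
CORP_SUBNETS = ["10.10.0.0/16"]
VPN_SUBNET = "10.200.0.0/24"


def _active(ifaces: List[Interface]) -> List[Interface]:
    """Interfaces that are up and actually hold an address."""
    return [i for i in ifaces if i.up and i.ip]


def _vpn_up(active: List[Interface]) -> bool:
    """VPN counts only when the adapter is up AND holds an address from the VPN pool."""
    net = ip_network(VPN_SUBNET)
    return any(i.kind == "vpn" and ip_address(i.ip) in net for i in active)


def classify_location(ifaces: List[Interface], directory_auth: Optional[bool]) -> str:
    """Map interface state, addressing and directory proof to Inside / VPN / Outside.

    directory_auth is True or False from an LDAP bind, or None if the directory could
    not be reached. None deliberately falls through to Outside (the stricter policy).
    """
    active = _active(ifaces)
    if _vpn_up(active):
        return VPN
    if len(active) == 1 and active[0].kind == "lan":
        on_corp_net = any(ip_address(active[0].ip) in ip_network(n) for n in CORP_SUBNETS)
        # A rogue LAN can hand out corporate-looking addresses, but it cannot make the
        # workstation authenticate against the directory, so the bind must succeed too.
        if on_corp_net and directory_auth is True:
            return INSIDE
    return OUTSIDE


def unsecured_wifi_without_vpn(ifaces: List[Interface]) -> bool:
    """True when traffic would leave over an unencrypted Wi-Fi link the VPN is not covering."""
    active = _active(ifaces)
    return (not _vpn_up(active)) and any(i.kind == "wifi" and i.encrypted is False for i in active)


# Constructed scenarios.
OFFICE = [Interface("Ethernet", "lan", True, "10.10.4.25"), Interface("Wi-Fi", "wifi", False)]
HOME_VPN = [Interface("Wi-Fi", "wifi", True, "192.168.1.7", encrypted=True),
            Interface("VPN", "vpn", True, "10.200.0.12")]
CAFE = [Interface("Wi-Fi", "wifi", True, "172.16.5.9", encrypted=False)]
ROGUE_LAN = [Interface("Ethernet", "lan", True, "10.10.4.25")]  # corporate-looking address, bind fails

if __name__ == "__main__":
    print("office, bind ok:        ", classify_location(OFFICE, True))
    print("office, directory down: ", classify_location(OFFICE, None))
    print("rogue LAN, bind failed: ", classify_location(ROGUE_LAN, False))
    print("home over VPN:          ", classify_location(HOME_VPN, None))
    print("cafe:                   ", classify_location(CAFE, None),
          "block unsecured Wi-Fi:", unsecured_wifi_without_vpn(CAFE))
```

Two design points are worth noting. First, no single signal decides the location: Inside needs the LAN-only interface state, a corporate address and a successful directory bind together, so a network that merely looks like the office (the `ROGUE_LAN` scenario) still gets the Outside policy. Second, when the directory cannot be reached the function returns Outside rather than guessing; that is the stricter policy, so an outage degrades safely, but it is exactly the situation the article has in mind when it asks for local as well as network Active Directory information instead of a lone remote probe.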

With these three locations identified, the following policies can be applied:

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
