Protect users to get secure networks

Derek Melber

How to prevent your employees from accidentally becoming a threat to the team.

As an IT administrator, security advisor, computer expert, there are more problems on your list of network environments than security issues. There are millions of dollars, thousands of hours of work, and a time-consuming attempt to configure the machine to fight security issues spreading like a plague for networks. Unfortunately, there is no real solution to protect your network completely. Recent studies have demonstrated that although security is a major issue for IT staff, other users still have some actions to unsafe things. There are many solutions to most of these issues that I want to cover in this article.

Security overview from users

There is a study done by RSA in late 2007 with Statistics made by technology experts in both Boston and Washington. Users are employees in companies surveyed with questions related to security and user privacy practices at the office. Both Boston and Washington are big cities with many corporations and employees working for government organizations. This study focuses solely on how users use and access corporate data and how they access physical methods with computer and company resources. The results of the study are given in Table 1 below.

Subject asked Percentage of business employees Percent of government employees Access email through a public wireless hot spot6437Look laptop, smart phone or USB flash88Send documents to a personal email address to be able to Access from home6168 Wireless corporate network is used for conference rooms and guest rooms are always open without logging190Keep a secure door open for someone to work they do not recognize3235Forget lock or access card and be taken entering the building by someone you did not know about them4234 Detecting an unfamiliar person working in an empty room within their building.2141Already identified or reported a stranger2863 Moved internal work and still have access to accounts or risks Not necessary3334Down to a corporate network that they should not have access2029

Table 1: Results on asking employees about their office security

As you can see from the results in Table 1, the amount of money, time and effort required to train employees on technology security as well as resources is not sufficient to pay for all issues. that topic. However, with written policies, logical and physical policies, many of these problems can be admittedly non-existent even if the user decides to ignore appropriate security procedures.

Physical security

Every IT expert understands that if the company's physical security is compromised, the resources that are being protected can be destroyed much faster. Based on the questions asked in the study, here are some solutions that can help overcome problems related to physical security.

Holding the safety door open for someone to work but not recognize them?

Forgot the lock or access card and was put into a building by someone you didn't know about them?

1. Provide ID cards for employees.
2. Create a policy that requires employees to wear or show ID cards at all times.
3. Install the ID card reader at all building entrances as well as the rights inside the building.
4. Take a security guard at the main entrance to the building to check the ID card.
5. Install the camera on all external doors and main points inside the building.

Discovering an unfamiliar person working at an empty room within their building?

Have asked for identification or reported strangers?

1. Like employees, all visitors to the company need to wear a guest card when entering a company building.
2. With both employees and guests wearing ID cards, you will easily discover the uninvited person.
3. Employees should be encouraged to report strangers and must wear tags.
4. Signs, reminders, memoranda, . need to be posted regularly to remind people to wear ID cards.

Logical security

Even with the spill of spam, adware, viruses, Trojans, . related by email, employees still don't care about the negative aspects of email abuse. Implementing a more stringent security environment on email and other network access can help prevent users from following good security practices themselves.

Access email through a public wireless hot spot?

1. Do not provide access to email outside the company unless using a VPN or a secure connection.
2. Configure mail server capable of checking and executing authentication mechanism from the intranet.
3. Do not allow users to connect to remote desktop unless they create a connection to the VPN first.

Send documents to a personal email address to be accessible from home?

1. Enable encryption with all outgoing emails
2. Configure filters for attachments for all outgoing emails. This can limit certain types of files as well as content attached to them.
3. Restrict corporate firewalls from receiving POP3, IMAP and other methods of receiving email from outside the company's personal email sites.
4. Add a policy to prevent users from accessing personal email while working
5. Training and testing on how external email sites are configured can be dangerous to the company.

Does the wireless network within the company be used for conference rooms and open rooms without logging in?

1. Configure wireless access points to perform a configuration:
   - Do not promote SSID
   - Enable MAC address filtering
   - High security configuration like WPA and WPA2
   - Execute a RADIUS server for authentication, shown in Figure 1 as an example of an access point option.
2. Use a Smart Card for all wireless network access

Have internal jobs been transferred and still have access to unnecessary accounts or resources?

1. Enforce rental procedures and work changes that require resource owners to provide full access to employees
2. Execute Restricted Groups and Local Users and Groups inside Group Policy to control group membership, as shown in Figure 2.
3. Enforce credentials for administrators inside Active Directory to restrict group membership administration.
4. Perform normal audits of members of the security group.

Falling into a corporate network that they shouldn't have access to?

1. Implement a program that encourages encouragement to promote good security practices, such as network areas with faulty configurations.
2. Make sure that NTFS permissions are configured on all network resources to group only the appropriate security groups.
3. Execute group and user actions within Active Directory. Typically, user accounts are in groups, named and used to group similar user types residing in Active Directory. These groups are then placed in other groups, named and used to assign permissions that reside in Active Directory or Local Group residing on the resource server. Finally, the resources that need to be configured with the group are used to assign permissions.
4. Execute Access Based Enumeration for all servers used to store data.

Conclude

Many parameters in the above parameters as well as solutions have been written in a policy-oriented way. Written policies must be accurate and clear to limit inappropriate behaviors. With the mandatory security through technical meaning, some solutions will require a change in how users access the network and data. While security is never easy, interesting or not too complicated, if security is not proposed early and often or not, most companies will be greatly affected and The results of these effects are shown in Figure 1, illustrating the absence of security policies.