Sunday, September 25, 2011

The SANS Top 20 and You: Week 2

Last week I wrote about the SANS Top 20 security recommendations for small business and focused on the first point: know what hardware you have. This week I decided to focus on the second point: know what software you have. In brief, software is all of the stuff on your computer which allows you to do things. I would like to make a point here that while the computer's operating system is software, it's not what I'm referencing this week.

Ok, I work in I.T., and more than once I've been called to someone's desk with the comment, "My program doesn't work!", to which the typical I.T. response is, "What program?" Part of the issue is that as I.T. professionals we don't often go through the trouble of limiting what people can put onto their PCs. After all, people want games, cool fonts, screen saver packages, etc. In this day and age many of those things are done on the internet using Flash, but that's not something I'm looking to go too far into this week either!

I remember one particular case where I had a Mac user. Let's go ahead and call him user X. I was doing some traffic analysis on our network using OpenDNS. OpenDNS allows filtering and metrics on DNS data from networks. It's free and can be checked out at opendns.org. I noticed a lot of traffic going to a series of IP addresses. I did some reputation checking using MxToolbox and Reputation Authority, and found out that these IPs had a nasty reputation for being associated with botnets. I then found out, using the built-in Mac OS X firewall, that the traffic was being put on the net by, you guessed it, a screen saver!

This covers why we need to know what programs are on PCs, and a little bit of how you can track down programs that are up to no good, but a better approach would be proactive! Spiceworks can check which programs are on your network. It does this by scanning for .exe's. Spiceworks, as I mentioned last week, is free and great to use! You can also use Microsoft's built-in software policies. I most recently used these on a terminal server to force programs to run only from one directory and then locked it down. This also stops people from accidentally installing things. Next, I recommend restricting local admin rights on PCs. This limits the amount of damage that can occur. The last step with things like this is rescanning PCs. No matter how hard you try, someone will typically find a way to get unwanted programs onto PCs. Remember, a non-technical solution to this could be a policy which states what is acceptable on a local network. For starters, NO non-approved software!
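To make the "scan for .exe's, then rescan" idea concrete, here is a small added example (not code from Spiceworks, Microsoft or the original post) that inventories executables under a directory with their SHA-256 hashes, then rescans and reports anything new, changed, or not on an approved list. It goes slightly beyond .exe by also picking up .scr files, since screen savers are executables too; the directory layout, file names and the approved list are constructed for the demo.

```python
"""Executable inventory with rescan: an added example for this post, not code
from Spiceworks or Microsoft. Paths and the approved list are made up."""
import hashlib
import os
import tempfile

# Screen savers (.scr) are executables too, so inventory them alongside .exe
EXECUTABLE_SUFFIXES = (".exe", ".scr")

def hash_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so big installers do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def inventory(root: str) -> dict:
    """Map each executable's path (relative to root, '/' separated) to its SHA-256."""
    found = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXECUTABLE_SUFFIXES):
                full = os.path.join(dirpath, name)
                found[os.path.relpath(full, root).replace(os.sep, "/")] = hash_file(full)
    return found

def rescan(root: str, baseline: dict, approved: set) -> dict:
    """Fresh scan compared with the last baseline and the approved-software list."""
    current = inventory(root)
    return {
        "new": sorted(p for p in current if p not in baseline),
        "changed": sorted(p for p in current if p in baseline and baseline[p] != current[p]),
        "unapproved": sorted(p for p in current if p.rsplit("/", 1)[-1].lower() not in approved),
    }

def demo() -> dict:
    """Constructed scenario: baseline with one approved editor, then a rescan after
    the editor binary changed and a screen saver appeared."""
    root = tempfile.mkdtemp()
    editor = os.path.join(root, "Program Files", "Editor", "editor.exe")
    os.makedirs(os.path.dirname(editor))
    with open(editor, "wb") as f:
        f.write(b"MZ approved editor")
    baseline = inventory(root)          # first scan: this is what we know we have
    with open(editor, "wb") as f:
        f.write(b"MZ editor, changed since baseline")
    with open(os.path.join(root, "fancy.scr"), "wb") as f:
        f.write(b"MZ screen saver nobody approved")
    return rescan(root, baseline, approved={"editor.exe"})
```

Run against a real machine, the "new" and "unapproved" lists are the ones to chase down, and a "changed" entry for software nobody updated is worth a second look.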
