IT security changes over time and it is important to stay abreast of it. New threats appear all the time, so the way threats are managed has to change with them.
Here are some tips and pointers to current thinking in IT security.
Back in February of this year (2013), the Center for Strategic and International Studies (CSIS) in the USA published a short but to-the-point paper on how to combat the majority of current cyber security threats. The paper gives an excellent background to the latest threats without getting too technical. The most useful part, though, is the four mitigations it recommends for stopping the majority of current attacks.
These are summarised as:
- Use application "whitelisting" to help prevent malicious software and other unapproved programs from running.
Whitelisting turns the usual model around: instead of trying to recognise known-bad programs (which is what anti-virus does, and why it misses anything new), only programs that have been explicitly approved are allowed to run and everything else is denied by default. While this is less convenient for users, some of whom want to run anything they like, it is vastly superior to spending money on anti-virus tools that slow down PCs and often fail to catch the malware that matters. Anti-virus tools still provide an additional layer of protection and should continue to be used, but they should not be the only control.
Example products for whitelisting are: SecureAPlus (review on gHacks), McAfee Application Control, AppLocker (built into the Enterprise editions of Windows 7 and later), and several others.
See also the SANS whitepaper “Application Whitelisting: Panacea or Propaganda” which describes the issues and opportunities in detail and gives useful conclusions. There is also a write-up on application whitelisting on Tech Republic, and another on InfoWorld.
- Patch applications such as PDF readers, Microsoft Office, Java, Flash Player, and web browsers.
These are the applications that open untrusted content from the Internet (documents, web pages, plug-in content) and so they are where most exploits land. Patching schedules need to be vastly accelerated for most organisations. Having two or three "update windows" a year leaves vast security holes open in enterprise infrastructure that is just asking to be compromised. Patching of the key applications listed here needs to happen weekly at least, and as soon as a fix is available is best. The bad guys aren't waiting: they update their toolkits within days, sometimes hours, of a newly disclosed vulnerability.
- Patch operating system vulnerabilities, for the same reasons discussed above.
- Minimize the number of users with administrative privileges, the highest level of authority to make changes or undertake actions on a network.
Users with administrative privileges are the goldmine for the bad guys. Malware that runs as an administrator can disable the anti-virus, install drivers and persistent back doors, and harvest stored credentials, so a single phished administrator is an easy back door into the heart of your enterprise systems. Day-to-day work should be done from a standard user account, with a separate administrative account used only when it is actually needed.
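The whitelisting step above, worked through with the AppLocker cmdlets that ship with Windows. This is an added example, not code from the CSIS paper or from any of the products named above. It assumes Windows 8 / Server 2012 or later with the AppLocker module, an elevated PowerShell session, and a clean reference machine to inventory; the policy path, the scan roots and the sample file tested at the end are illustrative names chosen for the example.

```powershell
# Added example: build an AppLocker whitelist from a clean reference machine,
# deploy it in audit mode, and read back what it *would* have blocked.
# Assumes: Windows 8 / Server 2012 or later, elevated session, AppLocker module.
# $policyPath, $scanRoots and the tested download are illustrative values.
Import-Module AppLocker

$policyPath = 'C:\AppLocker\baseline.xml'
New-Item -ItemType Directory -Path (Split-Path $policyPath) -Force | Out-Null

# 1. Inventory what the reference build legitimately runs. Signed files yield
#    publisher rules (which survive patching); unsigned files fall back to
#    hash rules (which must be regenerated whenever the file changes).
#    Scanning C:\Windows recursively takes a while; that is expected.
$scanRoots = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'
$fileInfo = foreach ($root in $scanRoots) {
    Get-AppLockerFileInformation -Directory $root -Recurse -FileType Exe, Script, WindowsInstaller
}

# 2. Turn the inventory into a policy. -Optimize collapses many files from the
#    same publisher/product into one rule; -User Everyone applies it broadly.
#    -Xml returns the policy as an XML string so we can edit it before applying.
[xml]$xml = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone `
    -RuleNamePrefix Baseline -Optimize -IgnoreMissingFileInformation -Xml

# 3. Start in audit mode: nothing is blocked, but every would-be block is logged.
#    This is how you find line-of-business software the inventory missed
#    before users start phoning the help desk.
foreach ($collection in $xml.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$xml.Save($policyPath)

# 4. The Application Identity service must be running or AppLocker evaluates nothing.
#    (The space after "start=" is required by sc.exe.)
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# 5. Apply to the local machine. For a domain, point Set-AppLockerPolicy -Ldap
#    at a Group Policy object instead of applying locally.
Set-AppLockerPolicy -XmlPolicy $policyPath

# 6. Check a file against the policy without running it.
#    PolicyDecision is Allowed, Denied or DeniedByDefault (no rule matched).
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone `
    -Path 'C:\Users\alice\Downloads\invoice.exe' |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 7. After a pilot period, review what audit mode would have stopped.
#    Event 8003 = allowed, but would have been blocked if enforced;
#    event 8004 = actually blocked (only seen once EnforcementMode is Enabled).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List
```

Only once the 8003 events have dried up (or the legitimate programs behind them have been added to the policy) should the EnforcementMode attributes be switched from AuditOnly to Enabled and the policy re-applied; going straight to enforcement is the usual reason whitelisting projects get rolled back.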
According to these papers, following these four simple rules is likely to stop the large majority (the estimate given is 80-100%) of the common attacks seen against enterprises right now.
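A quick check of the other three mitigations on a single Windows machine, as an added example (not from the CSIS paper): it lists the installed versions of the high-risk applications named above, reports the age of the newest operating-system patch, and shows who holds local administrator rights. It assumes Windows PowerShell 5.1 or later (for Get-LocalGroupMember) and an elevated session so the HKLM uninstall keys and group membership are readable; the 45-day threshold and the list of watched products are illustrative choices for the example.

```powershell
# Added example: audit patch state and admin rights on one Windows machine.
# Assumes Windows PowerShell 5.1+ and an elevated session.
# $maxPatchAgeDays and $watchList are illustrative, not a recommended standard.

$maxPatchAgeDays = 45
$watchList = 'Java', 'Adobe Reader', 'Adobe Acrobat', 'Flash Player',
             'Microsoft Office', 'Google Chrome', 'Mozilla Firefox'

# --- 1. Installed versions of the watched applications ---
# Both the native and the 32-bit-on-64-bit (WOW6432Node) uninstall hives are read,
# because Java, Flash and Reader are often installed as 32-bit builds.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$apps = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $name = $_.DisplayName
        $name -and ($watchList | Where-Object { $name -like "*$_*" })
    } |
    Select-Object DisplayName, DisplayVersion, InstallDate |
    Sort-Object DisplayName -Unique
"== Watched applications (compare DisplayVersion with the vendor's current release) =="
$apps | Format-Table -AutoSize

# --- 2. OS patch recency ---
# Get-HotFix reads Win32_QuickFixEngineering; entries without a date are skipped.
$latest = Get-HotFix |
    Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
if ($latest) {
    $age = (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
    "== Newest OS patch: $($latest.HotFixID), installed $($latest.InstalledOn.ToShortDateString()) ($age days ago) =="
    if ($age -gt $maxPatchAgeDays) {
        Write-Warning "No OS patch installed in $age days; exceeds the $maxPatchAgeDays-day threshold."
    }
} else {
    Write-Warning 'Get-HotFix returned no dated entries; check Windows Update history directly.'
}

# --- 3. Who is a local administrator? ---
# Every entry here is an account whose compromise gives full control of the machine.
# Nested domain groups are listed as groups, not expanded into their members.
$admins = Get-LocalGroupMember -Group 'Administrators'
"== Local Administrators group ($($admins.Count) members) =="
$admins | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

# Flag the interactive user if their everyday account is a direct member.
$me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
if ($admins.Name -contains $me) {
    Write-Warning "$me is a direct member of Administrators; daily-use accounts should not be."
}
```

Run across a fleet (for example through a remoting loop or a scheduled task that writes the output to a share), the version list becomes the input to the weekly patching cycle and the Administrators listing becomes the list of accounts to demote.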
For the latest on the underbelly of the Internet and the current threats, take a look at Brian Krebs' blog, Krebs on Security. In particular, I strongly recommend reading and paying attention to his article Tools for a Safer PC. Also pay attention to his article The Scrap Value of a Hacked PC, which describes just why the bad guys want your PC even though you think there is nothing of value on it.