Even though it's widely known that exercise has many health benefits, many people do not do it. The same can be said for securing a network, said SearchWindowsManageability Ask the Expert security advisor Scott Blake. Most security breaches can be avoided, he said, if IT managers would exercise simple security measures regularly.
Blake shared his tips for pumping up network security in a recent SearchWindowsManageability Webcast, titled "Punching Holes in Your Network: What Hackers Know and You Don't. Blake is vice president of information security at Houston, Tex.-based BindView Corp. Here he shares his best practices to keep hackers and viruses at bay.
Do patch, patch, patch. "The first line of defense is up-to-date patches," Blake said. Most of the recent widely-exploited vulnerabilities have had patches available, some for as many as two-to-three years. For example, patches were available to defeat both the Nimda and Code Red viruses, said Blake. Even though patches can sometimes cause an applications malfunction, they are still a number one priority.
Don't keep all default security services turned on just because it's easy. "When administrators set up a system, they don't turn off services they don't need," Blake said. Yet, most of what is exploited exists in the installed default services. So, disable all unused services and keep the services you use at a minimum. For example, Blake said, one organization's IT staff set up a Web server and was meticulous about keeping it up-to-date. Unfortunately, they forgot about an FTP server that was also running. It never got patched. So, when the organization was attacked by a virus, it was appalled to find that the FTP server was even running.
Do update anti-virus software. Most administrators recognize how important it is to use anti-virus software, but some fall short of actually updating it, said Blake. "Up-to-date AV software will prevent problems from spreading out of control." The big challenge, however, is to make sure every corner of the organization is covered by the updates.
Do enforce strong passwords. "In most organizations, passwords are not the last line of defense. In most, they are the only line of defense," said Blake. So, don't trust users to pick their own passwords. Even those who know better still choose lousy passwords. Further, "password crackers are fast and getting faster," Blake said. The best idea is to use a one-time password pad, he said. Some password pads have a number that changes every 30-60 seconds that must be entered along with a PIN number. Password pads are especially important for remote users to use, he said. The rest of the time, use strong passwords and educate users as to the merits of choosing a strong password, Blake advised.
Do implement egress filtering. Egress filtering filters out unwanted outgoing network traffic. "It is best to allow only the kinds of traffic that are specifically needed into your site," said Blake. Trojan horse viruses like to "phone home," as do lots of malicious programs, he said. "Use a Web proxy and limit outbound connections strictly," Blake concluded.
FOR MORE INFORMATION
Check out SearchWindowsManagebility's upcoming and previous Webcasts HERE.