This month's topic is on endpoint security and how to better protect and secure remote access to your infrastructure.
Managing secure remote access points can be a really tough assignment. Because remote systems may connect directly to the unprotected Internet rather than through the corporate firewall, they pose an increased risk to your network environment. Virus, malware and spyware protection and a general Virtual Private Network (VPN) policy are not enough to keep these systems, and the networks that they connect to, safe and secure. Here are what many experts agree are the five best current practices for providing secure remote access to an organization's infrastructure and resources.
This is the most critical piece of securing your perimeter. Every quarter, you should review Information Security policies and standards to identify trends and patterns to address access violations. This remains vital to ensure that the policy, as well as the administrative and technical controls, is addressing your remote access security requirements. If you find that the violations are greater or more diverse than anticipated, add or modify your policies and tighten your standards as necessary.
Create a policy that defines the exact security software suite that must exist on systems with remote access. For example, you may need to spell out that anti-virus, anti-spyware and client-side firewalls must be installed and configured in a specific manner with the latest signatures and pattern files, along with an approved vendor list of which products to choose from. Taking this one step further, the business entity should prohibit any personal computing software (e.g., IM, IRC, P2P) from being installed on any device that will be connecting to the corporate network. The best practice is to distribute company-owned mobile assets (laptops) to telecommuters and other employees so as to better control the software that will be loaded on the device. Make it a standard practice to pass along the policy, with the standard configuration and implementation instructions, to all end users. Often a so-called "zero tolerance" policy is best for endpoint security. I find that proper awareness training and education make these same end users an organization's "front-line" eyes and ears for malicious behavior. Remote users should meet a strict standard with well-defined guidelines before connecting to the corporate network. No security software suite, no corporate network connection! That simple. The liabilities and risk are now too great. The policy should also spell out what ports, resources and services may be exposed by allowing this remote access to the internal network.
Choose a vendor that offers comprehensive endpoint security management and policy enforcement modules as part of their VPN or remote access solution. It is best to mandate that all remote users use the enterprise-sponsored client to access the perimeter. That is the only way that you are going to get a true policy and assurance endpoint security posture. Your chosen remote access solution should be able to refuse connections from endpoint systems that do not meet the policy compliance checks. Ideally, the solution should tell end users which items are out of compliance so they can remediate the situation prior to attempting to reconnect. This also reduces help desk and support calls.
Reporting on and monitoring an end user's compliance is also a very critical process. Most of the solutions mentioned above offer reporting and monitoring capabilities to keep most system administrators updated on the status of the connecting endpoints. Depending on the number of users you have to manage, it may be wise to set up alerts that email the appropriate administrators when a system or device that is significantly out of compliance tries to connect to the network. This is where a robust NAC or SIM/SEM solution would be of great benefit in providing this granularity. In some cases, administrative intervention may be warranted, especially when other access methods to the corporate network may exist.
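The compliance check and administrator alerting described above, as an added Python example (not from the original article or any vendor's product). The vendor names, the three-day signature age limit, the two-failure alert threshold and the field names are assumed values chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Assumed policy values: the article names the categories, not these specifics.
APPROVED_AV = {"VendorA AV", "VendorB AV"}   # hypothetical approved vendor list
MAX_SIGNATURE_AGE_DAYS = 3                   # hypothetical freshness limit
PROHIBITED = {"im", "irc", "p2p"}            # software classes the policy bans
ALERT_THRESHOLD = 2                          # failures treated as "significantly" out of compliance

@dataclass
class Posture:
    """What the remote access client reports about the endpoint (constructed format)."""
    user: str
    av_product: Optional[str]
    signature_date: Optional[date]
    antispyware: bool
    firewall_enabled: bool
    software_categories: set = field(default_factory=set)

def evaluate(p: Posture, today: date):
    """Return (allow, failures, alert_admin). Missing data fails closed."""
    failures = []
    if p.av_product not in APPROVED_AV:
        failures.append("anti-virus missing or not on approved vendor list")
    elif p.signature_date is None or (today - p.signature_date).days > MAX_SIGNATURE_AGE_DAYS:
        failures.append("anti-virus signatures out of date")
    if not p.antispyware:
        failures.append("anti-spyware not installed")
    if not p.firewall_enabled:
        failures.append("client-side firewall disabled")
    banned = sorted(p.software_categories & PROHIBITED)
    if banned:
        failures.append("prohibited software present: " + ", ".join(banned))
    # Any failure refuses the connection; several failures also notify an administrator.
    return (not failures, failures, len(failures) >= ALERT_THRESHOLD)

if __name__ == "__main__":
    today = date(2009, 11, 7)
    # Constructed sample reports.
    reports = [
        Posture("alice", "VendorA AV", date(2009, 11, 6), True, True),
        Posture("bob", None, None, True, False, {"p2p", "browser"}),
    ]
    for r in reports:
        allow, failures, alert = evaluate(r, today)
        print(r.user, "ALLOW" if allow else "REFUSE", "| alert admin:", alert)
        for item in failures:          # shown to the user so they can remediate
            print("   -", item)
```

The failure list is what the client would show the end user before a reconnect attempt; the alert flag is what would trigger the email to administrators.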
It goes without saying, but I will say it anyway! If you, as a business entity, make a policy statement that you will be enforcing "acceptable use" practices, your standards and procedures had better back this up. Inform the end users that corporate information security policies and procedures extend to their remote desktop when connecting to the corporate network. For example, no file sharing or other improper actions will be allowed in the organization's network.
There you have it. Many organizations are looking towards technology to protect their corporate assets and streamline their IT operations. Beyond technology installations, however, deploying a secured remote access strategy involves an overall operational challenge that cannot be ignored. This will drive what controls are required to manage these risks in compliance with the level of diligence that is required by the organization.
© 2009-11-07 Michael Desrosiers