promisec.com

How to prevent users from visiting the Web sites your company blocks?

Message by promisec on
The Problem: Companies often block employees from visiting certain sites – ranging from the really nefarious (porn) to probably bad (gambling) to mostly innocuous (Web-based e-mail services). They try to significantly reduce productivity losses, bandwidth consumption, legal risks, and security exposure caused by unauthorized employee access to inappropriate, malicious or distracting Web content.
The Trick: Even if your company won't let employees visit those sites by typing their Web addresses into their browser, they can still sometimes sneak their way onto them. They travel to a third-party site, called a proxy, and type the Web address they want into a search box. Then the proxy site travels to the site they want and displays it for them – so they can see the site without actually visiting it. Proxy.org, for one, features a list of more than 4,000 proxies.
Another way to accomplish the same thing, is to use Google's translation service, asking it to do an English-to-English translation.They can enter this–‘Google.com/translate?langpair=en|en&u=www.blockedsite.com’–replacing "blockedsite.com" with the Web address of the site they want to visit. Google effectively acts as a proxy, calling up the site for them.
The Risk: If they use a proxy to, for example, catch up on e-mail or watch a YouTube video, the main risk is getting caught by their boss. But there are scarier security risks; online bad guys sometimes buy Web addresses that are misspellings of popular sites, then use them to infect visitors' computers. Companies often block those sites, too – but users won't be protected from them if they use a proxy.
How to Stay Safe: Educate your peers to watch their spelling and prevent their habit of using unapproved proxy sites, even for specific sites for productivity-related reasons (like YouTube), by setting up your Endpoint Compliance Auditing solution (like Promisec Spectator Professional or Promisec Innerspace) to automatically reset any user’s proxy properties to match the company’s approved servers.
In the case of Google's translation service you have to use a Web Content Filtering solution (like Websense Enterprise or Secure Computing Sidewinder) that will recognize the unapproved content and block or terminate the browser’s request.

Basic steps to prevent Data loss
Message by promisec on
There are a few basic steps to take to prevent data loss; these can be done without requiring additional budget:
1. Make sure people only have access to what they need to have access. Setup the correct folders and permissions.
2. Educate your staff to understand the importance of data security, refresh this every occasionally and send out examples of what can go wrong if this is not done.
3. Prevent users from installing files sharing software and explain the inherent risk, software of this type often leads to user unknowingly uploading files, which they never planned to.
These are all very basic steps but can help in preventing a large amount of the incidents which lead to data loss, some of the biggest cases of data loss in the past year were caused by users breaking one of these simple rules which lead to very large monetary losses. Pfizer lost a large number of employee records when a spouse of one of their employees installed file-sharing applications on her laptop.

To ensure a comprehensive anti-virus strategy
Message by promisec on
Anti-virus (AV) software is the first and sometimes the only line of defense your servers and desktops have, in order for AV software to be effective, it needs to be up to date and it needs to be running. Even after ensuring, that all desktops have AV software installed and your AV console is running it is important to verify their status manually or using third party tools. Users will sometimes temper with the software or become infected by viruses who target the AV software, the user who are the most at risk (pseudo techies, trust me, I know what I am doing… you know them) are usually the first ones to disable the anti-virus, so make sure the anti-virus is centrally managed and updated. Make sure that it is actually up and updated using a different product or physical inspection.

To prevent employees from installing P2P applications
Message by promisec on
It used to be enough to just check the firewall log and have some bandwidth control device in place, but P2P applications are becoming smarter and most of them use common protocols now. A good place to start is by explaining to people the potential risk these applications pose, then make sure that people only have the permissions they need for their desktops/laptops these measures will reduce the problem. There are tools in the market which help you monitor which applications are installed remove unwanted ones and prevent them from being installed, find one of these that fits your budget and get it, P2P is just the tip of the iceberg.

Standardize on a single remote control software
Message by promisec on Remote control software is a staple of an organizations IT infrastructure, in order to keep these tools secure it is important to control which software is installed and who has the keys. When moving from one remote control software to another verify that all other types of remote control software was removed. In addition, it is recommended to check who has the management software installed; people outside the IT group should not have this software on their PCs.

Firewall bypass
Message by promisec on As wireless networks are everywhere, know users try to stay online everywhere while they are in and out of the office. Most wireless devices come with auto connect features which make it easier for users to roam and stay connected, there is no reason for a user to be connected to any other network outside the corporate one while he is in the office. Make sure the wireless software is set to recognize when it is inside and outside the office and act accordingly. If you are using a wired network, set it so the wireless is disabled when a wired connection is available. Users who connect to a multiple networks at the same time can become a bridge through which anyone at the local coffee shop can walk into your office. This can also be caused when you have an unprotected wireless network inside your office, while it is fun to be able to surf from your local steak house, having an unsecured wireless network can cause a lot of damage, TJX has lost a few million dollars from a breach, which was caused by hackers abusing a wireless network.