Security Basics mailing list archives

Re: Basic Windows Security Question


From: PC Sage Information Services <info () pcsage biz>
Date: Wed, 30 Mar 2005 18:05:23 -0500


On Mar 29, 2005, at 4:20 PM, Andrew McIntosh wrote:

> Hello Everybody,
>
> I am curious to see the different suggestions for this scenario:
>
> Suppose you have a small company of less than 100 employees. One of the
> employees likes to bring his work home on occasion. He does so using a
> USB thumb drive. One day he catches a [virus, worm, Trojan, spyware,
> anything you can think of] at home and it winds up on his thumb drive,
> which he in turn brings to the company network.

It is important to remember that ANY company, no matter how small, wisely invests in a security and auditing policy for their network, as well as the oft-overlooked disaster recovery plan (aka feces occurs). If employees and principals alike are not given clear guidelines for performing their work function, it opens the door to all manner of exposure for the company.

If only one of the employees likes to bring his work home, it seems that this is the anomaly and not the rule of employees there. The easiest method is to author a business policy to prevent this type of removal of company documents. It's clear that these documents are small in that thumb drives are currently maxing in the 1GB range; it might be better to provide VPN access and have the employee log in from home to access his/her files.



> The company certainly should have anti-virus software in place, which
> would fix that problem. But what if he unknowingly loads a key logging
> program that could capture private customer information? What do you
> suggest? Here is what I could think of so far:


If your users are given the appropriate permissions (aka NONE), this installation of outside software is easy to avoid.

> Disable USB Port - That would solve the particular problem and create
> other problems. For instance, substitute the thumb drive with a floppy
> disk or CD. For obvious reasons you don't want to disable those as well.

Disable any hardware by profiles that doesn't fit into your organization's security policy.


> Restrict user permissions - That could potentially prevent a program
> from installing itself, but it would also cause the user some grief if
> they need to install programs themselves, or even do simple things like
> changing personal settings.

The largest threat to any company is NOT external hacking; it's internal misuse and abuse that is the largest threat to data security. These people have access to sensitive business documents. Among the most important security considerations is privilege. In a Windows environment, I estimate it would be foolhardy to give users any permissions that could potentially wreak havoc with your hard work. The best bet is to give them NOTHING and dial up as required. In Windows, it's important to run at a lower level of privilege to avoid all of the latent cruft it seems vulnerable to at higher privilege levels. In-service training of users to utilize the 'Run As' command in Windows is quick and usually painless (the thoughtful admin will create the 'Run As' shortcuts ;) ). This will prevent a host of difficulties in your network.


> Security Policy - Haven't looked into this yet, but maybe there is a way
> to prevent the use of thumb drives and other specific devices through
> security policy.

I'm hoping that you are hardening ALL Windows boxes before they go live with at least MBSA. Perhaps a bit of auditing would also help you track which users are ultimately responsible for the breach in policies you are about to work out with your corporate heads. :)


> What do you think?
>
> Thanks!
>
> ====================
> amcintosh () ntad com
> ====================


