The best approach to IT security is a layered approach. Security configuration options exist in many different aspects within the environment — including settings on network equipment, servers, computers, and within applications. Configuring systems securely needs to happen at implementation and should be documented using a checklist to ensure there are no security “holes.” Projects that improve security include:
Auditing the server and network device configurations
- Some protocols (like telnet) should be disabled by default.
- Diagrams should be created and maintained so key stakeholders understand the path of network traffic in and out of the company.
- Servers should be “hardened” and used only for the originally intended purpose. For example, a server should not have IIS enabled if it is not specifically being used as a web server.
- Permissions on servers should be limited and maintained so that backdoors for access are not created.
Managing and Auditing Assets
- Knowing the status of your servers and workstations enables awareness of any attempts to access your server from hackers.
- Using log analysis tools can provide insight.
- Understanding what kind of equipment is on your network allows you to better protect the data that all of the equipment can potentially access.
Managing Computer Configuration
Knowing which assets are in your environment is half of the battle, but configuring them correctly is where the security gains are made. Projects that foster a secure IT environment include:
- Deployment of a full disk encryption platform. These platforms allow administrators to encrypt all of the data stored on a computer. Encryption prohibits people from being able to read the data on your hard disk with another computer.
- Deploying an end point protection platform. These platforms include anti-malware and anti-virus protection. These can also provide a centralized management portal that can help secure USB ports and firewall settings on your computer.
- Computers come with many security features that need to be configured. Some of these include a built-in firewall, settings to automatically lock your screen and those that prompt you to change your password regularly. Some operating systems also include native full disk encryption programs.
Ensuring Automatic, Timely Operating System, Hardware And Software Patching
Timely patching strategies ensure that your operating system (Windows 7 & 8), hardware and software (Flash, Java, Reader) have the latest security features installed. Patching that address critical vulnerabilities should be done as soon they are released. Unpatched software is the easiest way that computers are infected by malicious web sites or accidentally installing malware.