Securing Business

From NuclearCat's homepage

Internet filtering

  • 1) Block all "unwanted" pages: social networks, video websites, and porn/erotic content distract employees' attention. Such sites are also often used to distribute malicious code.
  • 2) If possible, block all "dangerous" content, such as .exe, .ocx, .dll, .vba, etc. In some cases .swf has to be blocked too.
  • 3) Require "safe browsing" to be enabled in browsers.
  • 4) Use "blocklists for firewall". In this case, even if a user visits a website with an exploit or an injected page, he cannot download infected
  • 5) Antivirus control (over ICAP for HTTP(S), for example) for the protocols most often used to receive data (POP3/IMAP, HTTP(S), NNTP, FTP, etc.).
  • 6) Block all protocols and ports that are not required (default-deny firewall policy).
  • 7) Implement an IDS with custom rules and traps. For example, install a "fake" password and a "fake secret document" on each PC, and define an IDS rule that triggers an alarm (and a preventive traffic block) if this fake data is passed "outside".
  • 8) For instant messaging, use Jabber with encryption.
  • 9) The best practice for authorization and authentication is smartcards. The "poor man's" scenario is to at least use a "client certificate" for that. At the very least, this is safer for preventing the "fake authorization website" attack.
  • 10) Remove all ICQ/MSN and other proprietary messengers. Use an XMPP server and client. If other protocols are required for work, use XMPP gateways.
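
One way to build the trap from item 7, as an added example that is not part of the original page: it derives a distinct fake password per workstation and emits content-match rules for the raw token and its base64 forms. The site key, host names, SID range and the Snort/Suricata-style rule layout are assumptions.

```python
import base64
import hashlib
import hmac

# Assumption: a site-wide secret kept only on the IDS host (constructed value).
SITE_KEY = b"constructed-demo-key"
BASE_SID = 1000000  # assumed local-rule SID range


def honeytoken(host: str) -> str:
    """Unique fake password per workstation, so an alert names the leaking PC."""
    mac = hmac.new(SITE_KEY, host.encode(), hashlib.sha256).hexdigest()
    return "Hx9-" + mac[:20]


def wire_forms(token: str) -> list:
    """Raw token plus its base64 image at each of the three byte alignments."""
    forms = [token]
    for pad in range(3):
        enc = base64.b64encode(b"\x00" * pad + token.encode()).decode().rstrip("=")
        if (pad + len(token)) % 3:  # last char also depends on the bytes that follow
            enc = enc[:-1]
        forms.append(enc[(0, 2, 3)[pad]:])  # leading chars depend on preceding bytes
    return forms


def ids_rules(hosts: list) -> list:
    """One Snort/Suricata-style rule per host and wire form."""
    rules = []
    for h, host in enumerate(hosts):
        for f, form in enumerate(wire_forms(honeytoken(host))):
            rules.append('alert tcp $HOME_NET any -> $EXTERNAL_NET any '
                         f'(msg:"Honeytoken from {host} leaving network"; '
                         f'content:"{form}"; sid:{BASE_SID + h * 10 + f}; rev:1;)')
    return rules


def leaking_hosts(payload: bytes, hosts: list) -> list:
    """Offline equivalent of the rules: which hosts' tokens appear in a payload."""
    text = payload.decode("latin-1")
    return [h for h in hosts if any(f in text for f in wire_forms(honeytoken(h)))]


if __name__ == "__main__":
    pcs = ["pc-accounting-01", "pc-sales-07"]  # constructed host names
    print("\n".join(ids_rules(pcs)))
    body = b"user=bob&password=" + honeytoken("pc-sales-07").encode()  # constructed
    print(leaking_hosts(b"POST /x " + base64.b64encode(body), pcs))
```

Content rules match only what the sensor sees in cleartext, so for HTTPS they depend on the interception mentioned in the note below.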

NOTE: HTTPS can be intercepted and decrypted; check the squid3 features.

For SOHO customers - Untangle and Openfire can do the job.

Securing workstation

  • Ensure that unskilled or irresponsible users don't have administrative privileges on their computers.

This way harmful software cannot be installed at the "OS" level. Of course, there is still a chance of software that uses "exploits".

  • Best practice is to use Linux OS on workstations where possible. Workstations that require "Windows-only" software can run it over an application or terminal server. In difficult cases, like 3DMax, Autocad, and other heavy applications, Windows OS has to be used, with the maximum security level. Internet access probably has to be restricted on them, and they are allowed to access it over an application server or terminal server.