Wednesday 29 November 2006

Securing the Network: 7

Securing The Network
A Post on Corporate Security Issues for the Non-Technical

This post covers:
                Workstations
                Laptops / Portable Devices

Workstations
Employee workstations can be the most difficult devices to secure properly. For a start, the employee has unrestricted physical access to the computer and (hopefully) restricted access to the network.

As much data and information as possible should be stored on the server, with limited facilities for the employee to download and copy the data via their computer.

Ideally, technologies such as server-based profiles, Active Directory, Terminal Services and SMS (Systems Management Server) should be used to lock down employee access as much as possible without restricting them to the point of severe inconvenience.

Features of the operating system that the user does not need on a day-to-day basis, such as the Command Prompt on Windows, should be locked down and access to them restricted.

Users should never log on to their computers with the Administrator or Root account. See the sub-section on Least Privilege.

Laptops / Portable Devices
Data stored on a device that is going to be used in the field must be encrypted. Under Windows, a superb solution is TrueCrypt.

TrueCrypt allows you to set up a ‘container’ in which the contents are heavily encrypted; an encryption key must be entered every time the computer is turned on. This ensures that if the device is lost, your data will remain secure.

"What we say is important for in most cases the mouth speaks what the heart is full of." - Jim Beggs
