How to secure your network the old-fashioned way
Many times we think of security as policies, software, hardware and other such things; however, there is a lot more to it. When securing your network (especially in a large company with multiple locations) it’s imperative to perform log monitoring and analysis, install the latest patches and check firewall logs; however, there is one other small thing that can be done, and it costs nothing beyond the short amount of time it takes to complete.
I’m talking about taking a walk through the offices and observing. It’s as simple as that, and it’s amazing what one can find out by simply targeting the human element of the network: the people who, through their actions or lack thereof, might pose a security risk to the IT infrastructure. The best time for such an exercise would most likely be during break; however, random times could work just as well.
Things to look out for during such an inspection:
- Post-it notes or other pieces of paper stuck to the desk, monitor, under the keyboard or on the computer itself. This is exactly what security personnel hate the most. Countless hours spent securing the network go down the drain because of that person who doesn’t want to spend the time learning their password and so writes it down for everyone to see.
- Unlocked computers. Sometimes employees walk out of the room and leave their machine unlocked. Hopefully their screensaver will lock it soon, but if you walked in on a machine that you could access at that time, then so could someone else.
- Unattended laptops and devices (memory sticks, CDs, DVDs). We hear multiple horror stories about how a laptop with no encryption got stolen with important confidential data on it. It all starts with a laptop left unattended.
- New devices! We all dream of waking up one morning and finding nifty new gadgets that we didn’t even have to buy waiting for us on the bedside table. But that’s great only so long as it’s a dream; it’s actually a nightmare if it happens at the workplace, especially if the new device is a wireless access point that could be granting access to your network to any passerby on the street.
- Unauthorized devices. While employees might know they’re not supposed to hook personal laptops or portable storage devices to the network, that doesn’t mean they don’t do it.
Another possible security exercise could be engaging in some shoulder surfing of your own – take a walk through the recreational area and network with the people there; you never know when you’re going to walk in on conversations such as “I had to change my password again, but it’s okay now since I found a neat trick to make it easy to remember; just add 1 to the number at the end of my password. Can you believe I’m already at 5?!” Confronting the person with any of these infractions will hopefully help to prevent them from violating security policies again!
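The "just add 1 to the number at the end" habit overheard above can also be caught at password-change time. The following is an added example, not part of the original article; the function names and sample passwords are constructed for illustration, and it assumes the check runs in the change-password step, where the user submits both the current and the new password.

```python
import re


def split_counter(password):
    """Split a password into (stem, trailing number or None).

    "Summer!5" -> ("Summer!", 5); "Summer!" -> ("Summer!", None).
    """
    stem, digits = re.fullmatch(r"(.*?)(\d*)", password, re.DOTALL).groups()
    return stem, (int(digits) if digits else None)


def check_password_change(old, new):
    """Return a rejection reason, or None if the new password is acceptable.

    Two passwords that share a stem (ignoring letter case) and differ only
    in the number at the end count as the same password for rotation purposes.
    """
    if old == new:
        return "unchanged"
    old_stem, old_n = split_counter(old)
    new_stem, new_n = split_counter(new)
    if old_stem.casefold() != new_stem.casefold():
        return None  # a genuinely different stem
    if old_n is not None and new_n is not None and new_n == old_n + 1:
        return "trailing number incremented"
    return "same stem as current password"


if __name__ == "__main__":
    # Constructed sample pairs: (current password, proposed password)
    samples = [
        ("Summer!4", "Summer!5"),
        ("Summer!", "Summer!1"),
        ("Summer!5", "summer!9"),
        ("Summer!5", "Winter#2024-rain"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {check_password_change(old, new) or 'ok'}")
```

A rejection here is best paired with a message explaining why the new password was refused, so the user picks a different stem rather than a different counter.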

My mother is actually guilty of one of these. She used her laptop at home to log into the network at her company, using an unsecured router and access point! No harm came as a result but her devices are secured now!
I have a friend who was too lazy to password protect her laptop. She had let’s just say “very private” photos and videos of herself on that laptop and when it got stolen, she completely freaked out. That was over a year ago, and even up to now, she still constantly fears her private photos and videos have leaked on the internet.
Now her laptop is protected with a 16-character password with letters, numbers and characters. LOL
Hi Harriet,
Very sorry to hear about your friend. May I point out that if your friend is simply using a 16-character password to log into her system she is not really protected; should her laptop be stolen again, anyone can boot from an alternative OS (using live CDs) or simply disconnect the hard drive and connect it to a system that the perpetrators have access to and still get full access to the hard drive.
If she really wants to protect her private data on her hard drive she also needs to enable encryption in addition to using strong login passwords. On Windows this can simply be done by going in the folder properties of the folder one wishes to protect if NTFS is used as the file system.
If she decides to do this it is also a good idea to read a bit on the subject before implementing it and follow the recommendation on backing up the keys used for encryption in the event that she will ever need to reinstall the system, or else she might lose the encrypted content.
There are also 3rd party tools that can help with protecting hard drive content.
This article is a blast from the past, I must say. I guess a lot of us are so stuck up with the high-tech nuances of office security that we’ve forgotten the most basic of practices to protect our physical belongings and data.
You won’t believe how many times our own IT dept has found the randomly neglected post-it with the latest password to our main. We haven’t gotten to the next catastrophe past that, but I hope we don’t have to.
@Emily
Well, we’re essentially at a disadvantage: security needs to keep up with the latest threats, but for anyone to be a security risk he can do anything in the list of bad security practices going back to the dawn of computers! It’s also a time issue, I guess, when you have to spend a lot of time scanning and analysing logs and such tasks, so going around the office looking for post-it notes with passwords is unlikely to be high on one’s to-do list!
And the list is missing some “older” issues too such as ensuring that people do not throw away confidential data without shredding it. While dumpster diving is not that popular anymore, it doesn’t mean that it doesn’t still happen!