Can you suggest some security software that supports remote management?
September 28, 2006 6:37 AM

I have recently started a new job in charge of IT in a small lab (fewer than 10 people). A while back the lab was badly hacked into and data etc. was lost (there is evidence this was an inside job, btw). As part of my remit I am in charge of making sure this doesn't happen again. The company has a site license for anti-virus software, so that is not an issue; however, we currently have no anti-spyware, personal firewall or rootkit/trojan detector etc. What I'm looking for is one or more products which I can install on the users' workstations which are effective in these areas. The most important point, apart from actually working of course, is that I can centrally administer the software and monitor what is going on, edit firewall rules, etc. So what products would you recommend that might satisfy these requirements? Oh yeah, all users including myself are running Windows XP, so cross-platform is not a problem.
posted by empedia to Computers & Internet (6 answers total)

As long as you have a good hardware firewall on the network, I'm not sure why you would need personal firewalls on each machine. I ran IT for an 85-person law firm behind a Sonicwall Pro firewall and we never even thought about local firewalls; in fact, I think they can get in the way of each other.

I'm sorry I can't speak to centralized anti-spyware; we bought individual copies of a couple different products for workstations and set them on automatic for updates and scans; it worked well in a group of 85, can't imagine it would be difficult for a group of less than 10.
posted by lhauser at 6:45 AM on September 28, 2006


Deemphasize your desktop support. Centralize your file and other services. That way you can focus on protecting data and security on one or two servers, instead of 10 or more desktops that will be impossible to protect at all hours of the day.

Mac OS X Server does Windows file service and provides VPN capability, so that your clients can access their files from anywhere relatively safely.
posted by Blazecock Pileon at 7:35 AM on September 28, 2006


Your greatest risk is not from someone outside the company hacking through your firewall, it's someone sitting at a desk, copying files over the network and taking them off-site.

Do an internal security audit to see who has access to what. Restrict access to data to ONLY THOSE WHO NEED IT. None of that "I have access to everything because I'm the boss" bullshit. Institute a policy that no passwords are to be written down, ever (doubly so for email), except for a master list of server admin passwords you keep in a locked safe.

The first time you come across someone who mentions, "Oh, so-and-so just gave me their password", lock down the server and make every person in your lab change their password. They'll be briefly pissed, but it won't happen again.

Set your server to force password changes every X days, and be sure to add a policy that their last Y passwords can't match. Password changes are pointless if you can keep changing it to the same one.

Make sure workstations are set to go to screensaver + password lock after 10 idle minutes.

(the last two can be managed centrally from AD, I believe)
posted by mkultra at 8:00 AM on September 28, 2006


And except in very rare circumstances, there is no reason for end users to have admin access to their computers.
posted by mkultra at 8:02 AM on September 28, 2006
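The settings mkultra's two comments describe (forced password rotation with a history so the old password can't be reused, a password-protected screen lock after 10 idle minutes, and no admin rights for ordinary users) can all be applied on a Windows XP box with built-in tools. The script below is an added example, not something posted in the thread; the numbers (90 days, 5 remembered passwords, 8-character minimum, 600-second timeout) are illustrative and it assumes an Administrator command prompt.

```batch
@echo off
REM Added example (not from the thread): apply the password and lock-screen
REM rules from the thread on a Windows XP machine with built-in tools.
REM Assumes an Administrator prompt; all numeric values are illustrative.
REM In an Active Directory domain the authoritative place for the password
REM settings is the Default Domain Policy GPO; "net accounts" as used here
REM sets the local policy of a standalone/workgroup machine.

REM --- Password policy: expire after 90 days, remember the last 5 so the
REM     user cannot "change" back to the same one, minimum 8 characters,
REM     and a 1-day minimum age so they cannot cycle through 5 in a minute.
net accounts /maxpwage:90 /minpwage:1 /uniquepw:5 /minpwlen:8

REM Print the resulting local policy for the record.
net accounts

REM --- Screen saver for the CURRENT user: blank screen after 600 s (10 min),
REM     password required to resume. These are the per-user values under
REM     HKCU; a user can undo them, so to enforce them for everyone use the
REM     GPO under User Configuration > Administrative Templates >
REM     Control Panel > Display (Screen Saver, Screen Saver timeout,
REM     Password protect the screen saver), which writes the same value
REM     names under HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop.
set "SSKEY=HKCU\Control Panel\Desktop"
reg add "%SSKEY%" /v ScreenSaveActive    /t REG_SZ /d 1   /f
reg add "%SSKEY%" /v ScreenSaveTimeOut   /t REG_SZ /d 600 /f
reg add "%SSKEY%" /v ScreenSaverIsSecure /t REG_SZ /d 1   /f
reg add "%SSKEY%" /v SCRNSAVE.EXE /t REG_SZ /d "%SystemRoot%\system32\scrnsave.scr" /f

REM --- Local admin audit: who is in the local Administrators group?
REM     Ordinary users belong in Users only. Remove a member with, e.g.:
REM         net localgroup Administrators jsmith /delete
net localgroup Administrators
```

Run it once per machine (or push the equivalent settings through Group Policy once the AD domain from later answers is in place), then check the output of `net accounts` and `net localgroup Administrators` against what you expect; the admin-group listing is the part worth repeating periodically, since that is where "just give me admin for a minute" tends to stick.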


If protecting against data loss is your main remit, don't bother bogging your users down in a mess of software locks and keys; just implement a backup regime that works, and keep the backups physically secure.

Only if minimizing intellectual property leakage is important should you go down the access control road. And if you do go down that road, don't forget to turn on file access auditing for all your sensitive stuff, and keep the logs where only you can get to them.
posted by flabdablet at 8:34 AM on September 28, 2006
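Turning on "file access auditing for all your sensitive stuff" on Windows XP is a two-step job: enable the Object Access audit category in the local security policy, then add auditing entries (a SACL) on each sensitive folder. The script below is an added example, not from the thread; it handles the first step with `secedit` and a security template written on the fly, and also caps the Security log and shuts Guest out of it. It assumes an Administrator prompt, and the log size is illustrative.

```batch
@echo off
REM Added example (not from the thread): enable the Windows XP audit
REM categories needed to record who touches sensitive files, and restrict
REM the Security log. Assumes an Administrator prompt; sizes are illustrative.
REM This only sets the audit POLICY. Each sensitive folder still needs
REM auditing entries (a SACL), set via the folder's Security > Advanced >
REM Auditing tab or with the xcacls.vbs support tool; without a SACL the
REM Object Access category logs nothing for that folder.

set "INF=%TEMP%\audit.inf"

REM Write a minimal security template. Audit values: 0 = none,
REM 1 = success, 2 = failure, 3 = success and failure.
>  "%INF%" echo [Version]
>> "%INF%" echo signature="$CHICAGO$"
>> "%INF%" echo Revision=1
>> "%INF%" echo [Event Audit]
>> "%INF%" echo AuditObjectAccess = 3
>> "%INF%" echo AuditLogonEvents = 3
>> "%INF%" echo AuditAccountLogon = 3
>> "%INF%" echo AuditAccountManage = 3
>> "%INF%" echo AuditPolicyChange = 3
>> "%INF%" echo AuditPrivilegeUse = 2
>> "%INF%" echo [Security Log]
REM 16 MB log, overwrite oldest events as needed, no Guest read access.
>> "%INF%" echo MaximumLogSize = 16384
>> "%INF%" echo AuditLogRetentionPeriod = 0
>> "%INF%" echo RestrictGuestAccess = 1

REM Apply only the SECURITYPOLICY area so nothing else on the box changes.
secedit /configure /db "%TEMP%\audit.sdb" /cfg "%INF%" /areas SECURITYPOLICY /log "%TEMP%\audit.log"
del "%INF%"

REM Verify by exporting the effective policy and showing the audit lines.
secedit /export /cfg "%TEMP%\effective.inf" /areas SECURITYPOLICY
findstr /i "Audit MaximumLogSize RestrictGuestAccess" "%TEMP%\effective.inf"
```

The Security log itself (`%SystemRoot%\system32\config\SecEvent.Evt`) is readable only by administrators by default, which is why this pairs with keeping users out of the Administrators group; to keep the logs "where only you can get to them" over the long term, copy or archive the Security log off the workstation on a schedule rather than relying on the local file.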


First things first, thou shalt start from a clean slate. Nuke every single machine in the office down to bare hardware and rebuild from scratch. Do not take any guff from anybody about this, if you can't start with a Known Good baseline you're sunk before you begin.

Secondly, you need to figure out what, exactly, your users need to be able to access. I, shockingly, recommend setting up an Active Directory system and splurging for a few good books on the subject so you can ensure that you have instant control over the configuration settings on all machines.

Thirdly, don't be an ass. It's very easy to get caught up in "must prevent theft" mode and lock your users down so far that they have to break the rules constantly. Pick a set of rules (policies) alongside your users and management, document them religiously and get the Biggest Boss you can con into signing off on them.

Honestly though, you can't really prevent an insider from stealing data. You can protect yourself from data loss but data theft (as flabdablet says) is a very thorny problem.

Finally, Log Every Damn Thing Off Site.
posted by Skorgu at 9:20 AM on September 28, 2006

