Endpoint Security Wake Up Call

Surprisingly, I have been getting quite a few questions about what endpoint security actually is and why it is important. Most security policies and technologies are focused on keeping people outside of a network from getting in. Yet as we have seen in many of the headlines, the majority of security breaches and data thefts occur internally. Some estimates even put the figure at 70% of all security breaches occurring behind the firewall.

Endpoint security is not a new concept; it is older than computers. It is simply protecting physical access to valuable assets. All IT security measures really go out the window once someone with the technical skills (and sometimes not so technical) has physical access to a system.

Using a small USB flash drive, one can own a system in 2 seconds. This includes installing Trojan programs that email or FTP data to a remote location in the background, gaining remote access to the system for later use, installing back doors including admin accounts, and infecting any other removable media device that is plugged into that system.

The greatest hacker tool available is an IT department's own apathy when it comes to managing these security threats. Keeping the network perimeter secure is difficult enough without also having to manage internal threats.

Understanding endpoint security threats

At the core there are three areas of endpoint security threats that need to be considered. The first involves corporate espionage: evidence and actual cases have shown that employees have been recruited by rival companies and organized crime to steal pertinent data. The scope of these offenses ranges from the theft of intellectual property and customer lists to simply stealing employee lists for headhunters.

The second weakness again involves employees, only they may not need monetary motivation to steal data. They may be disgruntled or recently terminated, and they may wish to harm the network, destroy data, or steal data for their next position.

The third main area that should be considered is pure ignorance: a data breach, or damage to the network, that is perpetrated unintentionally. A user who installs unauthorized software, for example, or an employee who plugs in a USB flash drive or other removable media device that is infected with a Trojan. Employees also fall victim to social engineering attacks through telephone calls, phishing scams or other methods.

A new attack vector has actually appeared where emails appearing to be simple marketing emails offering free USB drives are in fact targeted at specific users in a company, and the "free" drive that the user receives in the mail is really loaded with a Trojan that would allow someone outside the company direct access to that system to run reconnaissance scans, steal data, and launch attacks.

Prevention

Most corporate networks are doing the bare minimum when it comes to securing against internal threats, for several reasons. The first is ignorance of the actual issues; although this sounds silly, it rings true more often than most would like to admit. Most IT departments are already stretched beyond their limits in terms of manpower and resources, so they have no choice but to trust employees and hope that no breaches occur, thereby ignoring the issue altogether. If trust, hope and ignorance are part of your three-pronged approach to endpoint security issues, we will be seeing your company in the headlines soon.

Admit you have a problem

The first step to prevention is to realize you have a problem. You then must clearly establish policies regarding the use of removable media devices, including USB flash drives, iPods and even smart phones. It may also be necessary to consider who has access to CD/DVD burners.

Email is not just for viruses

Email attachments have been a nemesis of IT admins for quite a long time in terms of the propagation of viruses and worms, but very little has been done about what happens when employees email confidential data outside to personal email accounts. Policies and auditing may need to be implemented to secure corporate data.
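To show what the auditing side of that policy can look like in practice, here is an added example (not code from the original post) that runs a simple outbound-mail review over a few constructed mail log lines. The log line format, the internal domain `example.com`, the list of personal webmail domains and the severity levels are all assumptions made for the example; a real deployment would read its own mail gateway's logs instead.

```python
"""Audit outbound mail for corporate data leaving to personal webmail accounts.

Constructed example: the log format, the sample lines, the internal domain and
the webmail domain list are all assumptions for illustration.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

INTERNAL_DOMAIN = "example.com"                       # assumption: the company's mail domain
PERSONAL_WEBMAIL = {"gmail.com", "hotmail.com", "yahoo.com"}  # assumption: personal account domains

# Assumed log line shape:
#   "<date> <time> from=<addr> to=<addr>[,<addr>...] attachments=<n> subject=<text>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) from=(?P<from>\S+) to=(?P<to>\S+) "
    r"attachments=(?P<att>\d+) subject=(?P<subject>.*)$"
)

# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
2006-10-20 09:12:01 from=alice@example.com to=bob@example.com attachments=1 subject=Q3 budget
2006-10-20 09:40:17 from=alice@example.com to=alice.home@gmail.com attachments=1 subject=FW: customer list
2006-10-20 10:05:44 from=bob@example.com to=partner@supplier.net attachments=2 subject=contract
2006-10-20 11:30:02 from=carol@example.com to=me@hotmail.com,bob@example.com attachments=3 subject=stuff
2006-10-20 12:00:00 garbage line that does not parse
"""


def domain(addr: str) -> str:
    """Lower-cased domain part of an email address."""
    return addr.rsplit("@", 1)[-1].lower()


def parse(log: str) -> Tuple[List[dict], int]:
    """Parse recognised lines; malformed lines are skipped but counted so gaps stay visible."""
    records, skipped = [], 0
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        records.append({
            "ts": m["ts"],
            "from": m["from"],
            "to": m["to"].split(","),
            "attachments": int(m["att"]),
            "subject": m["subject"],
        })
    return records, skipped


def audit_outbound(records: List[dict]) -> List[dict]:
    """Flag internal senders mailing external recipients; rank by how likely data left.

    high   = personal webmail recipient and at least one attachment
    medium = personal webmail recipient, no attachment
    low    = other external recipient with an attachment
    Mail to external recipients with no attachment and no webmail address is not reported.
    """
    findings = []
    for r in records:
        if domain(r["from"]) != INTERNAL_DOMAIN:
            continue  # inbound mail is out of scope for this review
        external = [a for a in r["to"] if domain(a) != INTERNAL_DOMAIN]
        if not external:
            continue
        personal = [a for a in external if domain(a) in PERSONAL_WEBMAIL]
        if personal and r["attachments"] > 0:
            severity = "high"
        elif personal:
            severity = "medium"
        elif r["attachments"] > 0:
            severity = "low"
        else:
            continue
        findings.append({
            "ts": r["ts"], "sender": r["from"], "recipients": external,
            "attachments": r["attachments"], "severity": severity, "subject": r["subject"],
        })
    return findings


def senders_by_severity(findings: List[dict], severity: str) -> Dict[str, int]:
    """How many flagged messages each sender produced at the given severity."""
    return Counter(f["sender"] for f in findings if f["severity"] == severity)


if __name__ == "__main__":
    recs, bad = parse(SAMPLE_LOG)
    for f in audit_outbound(recs):
        print(f"{f['severity']:6} {f['ts']} {f['sender']} -> {','.join(f['recipients'])} "
              f"({f['attachments']} attachment(s)) {f['subject']}")
    print(f"{bad} unparsed line(s)")
```

The useful part for a policy discussion is the ranking: a message with attachments going to a personal webmail address is the case that most clearly matches "confidential data leaving to a personal account", while ordinary external correspondence only appears when it carries attachments, which keeps the review list short enough that someone will actually read it.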

Printers

An employee who is locked out of removable media devices may simply choose to print the data out. It might be necessary to set up auditing systems that show who has printed which documents, as well as to limit who has access to printers on a network.

Enforcement

A policy is useless unless users are both educated about it and understand why it was put in place. Many times policies are not enforced because they may hinder productivity; however, there are technologies available that help IT admins enforce these policies while still allowing specific users or groups access to particular devices.
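The "enforce the policy, but let certain users or groups keep access" idea is easiest to see as a deny-by-default rule set with explicit exceptions and an audit record for every attempt, whether allowed or not. The following is an added example written for this post, not code from any particular device-control product; the users, groups, device classes, serial numbers and the policy structure itself are all constructed for illustration.

```python
"""Deny-by-default removable media policy with group exceptions and an audit trail.

Constructed example: the users, groups, device events and the policy layout are
assumptions made for illustration, not a vendor's policy format.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class DeviceEvent:
    """One removable-media attach attempt, as a host agent might report it."""
    user: str
    device_class: str   # e.g. "usb_storage", "mtp_phone", "optical_writer"
    serial: str
    access: str         # "read" or "write"


@dataclass
class Policy:
    """Everything is denied unless a rule below explicitly allows it."""
    group_members: Dict[str, Set[str]]
    # group -> {(device_class, access)} that members of that group may use
    group_rules: Dict[str, Set[Tuple[str, str]]] = field(default_factory=dict)
    # serial numbers of company-issued devices anyone may use, read and write
    approved_serials: Set[str] = field(default_factory=set)

    def groups_of(self, user: str) -> List[str]:
        return sorted(g for g, members in self.group_members.items() if user in members)


def evaluate(policy: Policy, ev: DeviceEvent) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason). Only an explicit rule can produce "allow"."""
    if ev.serial in policy.approved_serials:
        return "allow", f"company-issued device {ev.serial}"
    for group in policy.groups_of(ev.user):
        rules = policy.group_rules.get(group, set())
        # a write grant implies read; a read grant does not imply write
        if (ev.device_class, ev.access) in rules or (
            ev.access == "read" and (ev.device_class, "write") in rules
        ):
            return "allow", f"group {group} permits {ev.access} on {ev.device_class}"
    return "deny", "no matching rule (default deny)"


def audit(policy: Policy, events: List[DeviceEvent]) -> List[dict]:
    """Evaluate every event and emit one audit record each, allowed or denied."""
    records = []
    for ev in events:
        decision, reason = evaluate(policy, ev)
        records.append({
            "user": ev.user, "device_class": ev.device_class, "serial": ev.serial,
            "access": ev.access, "decision": decision, "reason": reason,
        })
    return records


def denied_writes(records: List[dict]) -> List[str]:
    """Users who tried to write to an unapproved device: the attempts worth a follow-up."""
    return sorted({r["user"] for r in records
                   if r["decision"] == "deny" and r["access"] == "write"})


# Constructed policy: helpdesk may write USB storage, finance may only read it,
# and one company-issued encrypted drive is allowed for everyone.
POLICY = Policy(
    group_members={"helpdesk": {"bob"}, "finance": {"alice"}},
    group_rules={
        "helpdesk": {("usb_storage", "write")},
        "finance": {("usb_storage", "read")},
    },
    approved_serials={"CORP-ENC-0042"},
)

# Constructed events (not real telemetry).
EVENTS = [
    DeviceEvent("alice", "usb_storage", "RANDOM-1", "read"),          # finance may read
    DeviceEvent("alice", "usb_storage", "RANDOM-1", "write"),         # but not write
    DeviceEvent("bob", "usb_storage", "RANDOM-2", "write"),           # helpdesk may write
    DeviceEvent("carol", "mtp_phone", "PHONE-9", "read"),             # no group: denied
    DeviceEvent("carol", "usb_storage", "CORP-ENC-0042", "write"),    # issued drive: allowed
]

if __name__ == "__main__":
    records = audit(POLICY, EVENTS)
    for r in records:
        print(f"{r['decision']:5} {r['user']:6} {r['access']:5} {r['device_class']:12} {r['reason']}")
    print("follow up:", denied_writes(records))
```

Two design points carry over to whatever product actually does the enforcing: the default must be deny, so that a new device class or a user outside every group gets nothing until someone decides otherwise, and denied attempts must be logged as carefully as allowed ones, because the denied write from a user who has no business with removable media is exactly the event the policy exists to surface.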

posted by akuma @ October 21, 2006 4:11 pm