As any security professional will tell you, effective security comprises a defence in depth approach: implementing security at each layer of the OSI model and for every aspect of your business. Perimeter security is not as strong as it used to be. With the move to cloud computing, assets and data are spread across the world, so organizations can no longer put everything in one place and sit a secure gateway in front of it to prevent access. Add to this the fact that organizations are becoming more and more mobile and you have a tricky issue to fix.
Endpoint security is becoming more and more important in reducing risks to organizational assets. Securing the device, whether it is Windows, Linux or any other operating system, is imperative to ensure that attacks aren’t mounted against the organization and that data isn’t leaked. A poorly controlled endpoint is a target for many attackers as it can provide a direct route into the organization and may also provide sensitive or commercial data on the device. This article looks at securing the endpoint, including different methods to prevent a compromise of any device.
Remove unnecessary services
The first point, regardless of which operating system you are using, is to remove unnecessary services from the device. These services increase the attack surface of the device and essentially provide more routes into it. The best way to do this is to list the services that are required for legitimate business purposes and identify those that are not required or that pose a risk to the organization. An example of this is Telnet, a service that is commonly known to be insecure because it transmits data in the clear. As many organisations use SSH, an encrypted alternative, there is no longer any need to use Telnet, so it should be disabled.
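The allowlist approach described above, as an added POSIX shell example that is not part of the original article: a small audit that compares a list of running services against the services approved for business use and flags cleartext protocols such as Telnet separately. The approved and insecure service names and the sample list of running units are constructed for the example.

```shell
#!/bin/sh
# Audit running services against an allowlist of those approved for
# business use. Anything not on the list is reported for review and
# disabling. All service names below are constructed sample data.

# Services approved for legitimate business purposes (one per line).
APPROVED_SERVICES="sshd
cron
rsyslog
systemd-journald"

# Cleartext protocols that should never run, even if someone adds them
# to the allowlist by mistake.
INSECURE_SERVICES="telnet
rsh
rlogin
ftp
tftp"

# audit_services RUNNING_LIST
# RUNNING_LIST is a newline-separated list of service names.
# Prints "<name> INSECURE" for a cleartext protocol and
# "<name> UNAPPROVED" for anything else not on the allowlist.
audit_services() {
    printf '%s\n' "$1" | while IFS= read -r svc; do
        [ -n "$svc" ] || continue
        # Strip a systemd ".service" suffix so unit names match plain names.
        name=${svc%.service}
        if printf '%s\n' "$INSECURE_SERVICES" | grep -qx -- "$name"; then
            echo "$name INSECURE"
        elif ! printf '%s\n' "$APPROVED_SERVICES" | grep -qx -- "$name"; then
            echo "$name UNAPPROVED"
        fi
    done
}

# Constructed sample of running units, in the form systemctl reports them.
SAMPLE_RUNNING="sshd.service
cron.service
telnet.service
cupsd.service
rsyslog.service"

# On a real systemd host, replace the sample with live data, e.g.:
#   audit_services "$(systemctl list-units --type=service --state=running \
#                     --no-legend --plain | awk '{print $1}')"
audit_services "$SAMPLE_RUNNING"
```

Services reported as INSECURE should be disabled regardless of the allowlist; UNAPPROVED ones are candidates to review with the business owner and then add to the list or disable.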
Application Whitelisting
Application whitelisting is a control that many organisations wish to use to control the applications executed on the endpoint. The organization maintains a list of approved applications, known to be safe, that the user can run, and any other application is prevented from running. By controlling this, the organization can prevent malware from propagating via unauthorized software onto the user's endpoint and potentially onwards into the organization.
It is highly recommended that you use application whitelisting to identify those applications required for business purposes and block all others. This will ensure that any application that could cause harm cannot run on the endpoint. There are numerous resources that can be used to identify malicious applications; cyber security news is a good source of such information.
Antivirus
Everyone is aware of the dangers of viruses and of how decent antivirus controls can help to mitigate them. In truth, traditional signature-based AV is relatively useless, as modern malware is advanced enough to subvert most of these controls. However, for the low-hanging fruit, AV can still identify some of the older strains of malware. It is worth ensuring that a decent AV vendor is used on all endpoints and that signatures are regularly updated to capture well-known viruses.
Removable media
Removable media continues to be one of the most common methods of malware propagation, and businesses do not know how to deal with it. It may be worth considering locking down USB ports on all devices and only allowing USB on those devices that require it. Alternatively, endpoint controls can be used to allow only known, approved USB devices to be connected. Organizations should set out their removable media requirements in a removable media policy and ensure all users are aware of the risks posed by removable media.
Conclusion
There are numerous technical controls that can be implemented to secure the endpoint. However, the end user still presents one of the biggest risks to the organization, so organizations need to use user training to prevent unsafe behavior. Other controls that the organization should consider include encryption of data at rest and in transit, monitoring of access, two-factor authentication, strong authentication and password requirements, personal firewalls and secure boot.
Author Bio: Lee Hazell is an information security consultant and owner of a cyber security news site that features information security articles and advice.