There are many openings an attacker might use to gain access to a system. In this video, you’ll learn about non-compliant systems, unpatched and unprotected systems, product support lifetimes, and the challenge of securing BYOD systems.
If you were to look at a month’s worth of logs covering all of the updates to your applications and operating systems, you would have quite a list to go through. Now imagine powering on a computer that’s been turned off for three months and connecting it to your corporate network. There would be a backlog of updates, security patches, and configuration changes that simply never happened on that system during those three months, and every one of them is a potential opening for an attacker.
Most organizations have what’s called an SOE, or standard operating environment, or some other form of standardized configuration for all of their computer systems. This is a defined set of hardware and software that has been checked and verified to work properly with the applications and systems on the company network. The SOE is constantly updated, and organizations very commonly build an operating system image that matches it, so that new or rebuilt systems start out compliant.
So there may be times when you try to connect to a resource or log in to the VPN and get a message that your system is not compliant. That means you’ll need to install any missing operating system patches, update your antivirus signatures, and make sure all of your applications are running approved versions. Once those changes have been made, you can try logging in again. The same checks run against your system, and if it now matches the current standard operating environment, the connection is allowed.
It’s obviously impractical for IT professionals to go from one machine to another just to check whether certain patches have been installed. That’s why automation is used to evaluate a system at certain checkpoints. When someone logs in to the network or tries to connect to the VPN, their system is evaluated to confirm that it’s up to date, and the connection can be refused until it is. There may also be ongoing monitoring of application traffic.
If someone is running an application that’s not on the approved list, you’ll be able to see it in the traffic crossing the network, and next-generation firewalls have extensive visibility into applications and can identify what is being used regardless of the port it runs over. You may also find a set of automated checks that run on your system periodically to ensure it has the latest patches and isn’t running anything that isn’t on the certified list of apps.
We often talk about keeping your system up to date with the latest security patches. But when are these patches released? For Microsoft, it’s Patch Tuesday: on the second Tuesday of every month, at 10:00 AM Pacific time, Microsoft releases the set of patches for the vulnerabilities addressed since the previous month’s release. For the security team in your organization, this is a very busy day.
Suddenly, at 10:00 AM on that Tuesday, a number of patches are released, each describing a different vulnerability in the Windows operating system. If these are critical vulnerabilities, there may be a requirement to patch as soon as possible. On your computer at home, this is a relatively easy process: you click the Update button and your system is up to date. But imagine an organization with hundreds or even thousands of devices that need to be updated.
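As an added illustration of the automated compliance (posture) check described above, together with the Patch Tuesday schedule, here is a Python sketch that is not part of the original video and is not taken from any NAC, VPN or MDM product. It computes the most recent Patch Tuesday, decides which release a host must have caught up with (allowing a grace window for testing and rollout), and evaluates constructed host records against a constructed SOE baseline: minimum OS build, patch level, antivirus signature age, and approved applications with minimum versions. The baseline values, build numbers, host records, application names and field names are all assumptions made for the example.

```python
"""Posture check of hosts against a standard operating environment (SOE).
Added example, not code from the original video or from any NAC/MDM product.
Baseline values, host records and field names are constructed assumptions."""
from __future__ import annotations

import calendar
from dataclasses import dataclass
from datetime import date, timedelta


def second_tuesday(year: int, month: int) -> date:
    """Microsoft's Patch Tuesday: the second Tuesday of the month."""
    first_weekday, _ = calendar.monthrange(year, month)  # Monday == 0
    days_to_first_tuesday = (calendar.TUESDAY - first_weekday) % 7
    return date(year, month, 1 + days_to_first_tuesday + 7)


def latest_patch_tuesday(today: date) -> date:
    """Most recent Patch Tuesday on or before `today`."""
    this_month = second_tuesday(today.year, today.month)
    if this_month <= today:
        return this_month
    if today.month == 1:
        return second_tuesday(today.year - 1, 12)
    return second_tuesday(today.year, today.month - 1)


def required_patch_level(today: date, grace_days: int) -> date:
    """Release a host must have installed by `today`; inside the grace window
    (time for IT to test and roll out) the previous release still passes."""
    newest = latest_patch_tuesday(today)
    if today - newest < timedelta(days=grace_days):
        return latest_patch_tuesday(newest - timedelta(days=1))
    return newest


def version_tuple(version: str) -> tuple[int, ...]:
    """'124.0.6367' -> (124, 0, 6367) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


@dataclass
class Baseline:
    """The SOE: what a compliant host must look like (assumed fields)."""
    min_os_build: int
    approved_apps: dict[str, str]      # app name -> minimum approved version
    max_signature_age_days: int = 3    # antivirus signatures older than this fail
    patch_grace_days: int = 7          # rollout window after Patch Tuesday


@dataclass
class Host:                            # what a posture agent reports (assumed fields)
    name: str
    os_build: int
    last_patch_installed: date
    av_signature_date: date
    installed_apps: dict[str, str]     # app name -> installed version


def evaluate(host: Host, baseline: Baseline, today: date) -> list[str]:
    """Return every reason the host is non-compliant; empty list == compliant."""
    failures: list[str] = []
    if host.os_build < baseline.min_os_build:
        failures.append(f"OS build {host.os_build} is below SOE minimum {baseline.min_os_build}")
    required = required_patch_level(today, baseline.patch_grace_days)
    if host.last_patch_installed < required:
        failures.append(f"last patch {host.last_patch_installed} predates required release {required}")
    signature_age = (today - host.av_signature_date).days
    if signature_age > baseline.max_signature_age_days:
        failures.append(f"antivirus signatures are {signature_age} days old")
    for app, version in host.installed_apps.items():
        minimum = baseline.approved_apps.get(app)
        if minimum is None:
            failures.append(f"unapproved application installed: {app}")
        elif version_tuple(version) < version_tuple(minimum):
            failures.append(f"{app} {version} is below approved minimum {minimum}")
    return failures


def report(hosts: list[Host], baseline: Baseline, today: date) -> dict[str, list[str]]:
    """Host name -> list of failures, as a NAC or VPN gateway would log them."""
    return {host.name: evaluate(host, baseline, today) for host in hosts}


# Constructed sample data (not real builds, hosts or vendor release dates).
SOE = Baseline(min_os_build=22631, approved_apps={"Chrome": "124.0", "Office": "16.0"})
TODAY = date(2024, 5, 20)  # six days after the 14 May 2024 Patch Tuesday
HOSTS = [
    Host("laptop-01", 22631, date(2024, 5, 15), date(2024, 5, 19),
         {"Chrome": "124.0", "Office": "16.0"}),
    # Powered off for three months: old build, old patches, stale signatures, unapproved app.
    Host("laptop-02", 22621, date(2024, 2, 14), date(2024, 2, 14),
         {"Chrome": "121.0", "uTorrent": "3.6"}),
]

if __name__ == "__main__":
    for name, failures in report(HOSTS, SOE, TODAY).items():
        print(f"{name}: {'compliant' if not failures else 'NON-COMPLIANT'}")
        for reason in failures:
            print(f"  - {reason}")
```

A real posture check gathers the host record from an agent rather than a hardcoded list, but the decision logic is the same: every failure reason is something the user (or an automated remediation job) has to fix before the connection is allowed. The grace window is the knob that reconciles "patch immediately" with "test first": a host still on last month’s release a few days after Patch Tuesday is not yet non-compliant, but one that missed the previous release entirely is.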
In many organizations, this is an automated process that runs after the IT team has had time to check, verify, and confirm that the patch doesn’t break other applications on these systems. The security team then watches the deployment logs closely to ensure that every system receives the update. You don’t want to miss a system that still has the vulnerability, because that’s the system attackers will use to gain access to your network.
Most organizations have found this patch management process to be a critical part of their IT security infrastructure: test, prioritize, and deploy patches as soon as they’re available so that all systems remain safe. The security team can sometimes be incorrectly seen as a roadblock to getting things done. There is a balancing act between keeping things secure and keeping data available, and the security team has to manage that balance carefully as it deploys security controls throughout the organization.
Sometimes the troubleshooting process itself makes a system less secure. For example, an application developer may suggest disabling antivirus or the host firewall to see whether that’s what’s causing the problem with the application. As the technologist, you may need to try that as a normal troubleshooting step. But you also need to remember to turn those controls back on when you’re done, and to verify that they actually came back on, rather than leaving a system unprotected because a test was never cleaned up.
I’ve seen many application rollouts include instructions to disable antivirus or open every port in a firewall to ensure the application will work. These are obviously very bad ideas for deploying an application. It’s always best to find the specific security configuration that allows the application to work while keeping your systems safe: the particular ports, services, or exclusions it actually needs, rather than everything.

From a security perspective, it’s also very important to know when an application or operating system is no longer supported or updated by the manufacturer.
For example, most manufacturers will make an end-of-life, or EOL, announcement when they stop selling an operating system or application. They may still continue to provide updates and security patches, so although you can no longer purchase that operating system, you can still patch it and maintain its security. Another important milestone is the end of service life, or EOSL. This is when the developer or manufacturer not only stops selling the operating system but also stops supporting it.
That means no more security patches, no more bug fixes, and nothing to keep that system safe if a new problem is found in the application or operating system. In some relatively rare situations, a developer may offer extended or premium support, often for a fee, even though the product has reached the end of its service life. For most of us, EOL is the date to take note of, because it tells us that EOSL is eventually coming.
And once we hit EOSL, we’re not getting any additional security patches, so we’ll need to change the operating system, update the application, or find some other way to perform that job function.

Another security concern for organizations is the mobile devices we all carry around. When people bring their own mobile device and use it for work, we call that BYOD, or bring your own device; sometimes you’ll hear it called bring your own technology. With BYOD, the end user owns the device and uses it as their personal phone or tablet, but they’re also using it for business. This means personal data and corporate data end up on the same device. That’s a security concern, since we need to ensure that the corporate data remains safe and that it stays separate from the user’s personal data.
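To make the EOL/EOSL distinction above concrete, here is an added Python example that is not part of the original video and does not use any vendor’s real lifecycle data. It classifies a product’s lifecycle stage on a given date, including the rarer extended-support case, and turns that into an action for each host in a constructed inventory, including a host running software that is missing from the lifecycle table altogether. Product names, dates, host names and the 180-day warning window are illustrative assumptions.

```python
"""Lifecycle status (EOL vs. EOSL) applied to a software inventory.
Added example, not code from the original video or any vendor. Product names,
dates, host names and the warning window are constructed assumptions."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class Lifecycle:
    product: str
    eol: date                                      # end of life: no longer sold, still patched
    eosl: date                                     # end of service life: no more patches
    extended_support_until: Optional[date] = None  # rarer paid/premium support past EOSL


def status(lifecycle: Lifecycle, today: date) -> str:
    """Where a product stands on `today`: supported, eol, extended-support or eosl."""
    if today < lifecycle.eol:
        return "supported"
    if today < lifecycle.eosl:
        return "eol"                   # cannot buy it, but security patches still arrive
    ext = lifecycle.extended_support_until
    if ext is not None and today < ext:
        return "extended-support"      # patches only under the extended agreement
    return "eosl"                      # no fixes for newly found vulnerabilities


def action_for(lifecycle: Lifecycle, today: date, warn_days: int) -> str:
    """Turn a lifecycle stage into what the security team should do about it."""
    stage = status(lifecycle, today)
    if stage == "eosl":
        return "migrate now: no security patches are available"
    if stage == "extended-support":
        return f"confirm extended support is in place; it ends {lifecycle.extended_support_until}"
    if lifecycle.eosl - today <= timedelta(days=warn_days):
        return f"plan migration: EOSL on {lifecycle.eosl}"
    if stage == "eol":
        return "keep patching; product is no longer sold, so plan the replacement"
    return "ok"


def flag_inventory(inventory: dict[str, str], table: dict[str, Lifecycle],
                   today: date, warn_days: int = 180) -> dict[str, str]:
    """Host name -> action. Software missing from the table is itself a finding."""
    actions: dict[str, str] = {}
    for host, product in inventory.items():
        lifecycle = table.get(product)
        if lifecycle is None:
            actions[host] = f"unknown product {product!r}: add it to the lifecycle table"
        else:
            actions[host] = action_for(lifecycle, today, warn_days)
    return actions


# Constructed lifecycle table and inventory (illustrative, not vendor data).
LIFECYCLES = {
    "OS-A 10": Lifecycle("OS-A 10", eol=date(2023, 1, 31), eosl=date(2025, 6, 30),
                         extended_support_until=date(2028, 6, 30)),
    "OS-A 11": Lifecycle("OS-A 11", eol=date(2031, 1, 1), eosl=date(2031, 10, 14)),
    "Legacy-DB 5": Lifecycle("Legacy-DB 5", eol=date(2019, 7, 9), eosl=date(2022, 7, 12)),
}
INVENTORY = {"ws-01": "OS-A 11", "ws-02": "OS-A 10",
             "srv-db": "Legacy-DB 5", "srv-app": "AppServer 2"}
TODAY = date(2025, 3, 1)

if __name__ == "__main__":
    for host, action in flag_inventory(INVENTORY, LIFECYCLES, TODAY).items():
        print(f"{host:8} {INVENTORY[host]:12} {action}")
```

The warning window is what turns EOL from a curiosity into a planning signal: a product that is still patched but within a few months of EOSL needs a migration plan now, not on the day the patches stop. The unknown-product branch matters too, because software that nobody tracked is the software most likely to be quietly past its service life.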
This is where a Mobile Device Manager, or MDM, becomes very important, because it can address a number of these problems: how the corporate and personal data on the device are kept apart and protected, what happens to the corporate data if the device is sold or traded in (for example, a selective wipe of just the corporate side), and how an infection or vulnerability on the device affects the company’s data. Using an MDM keeps things convenient for users, who only have to carry a single device, while giving the organization controls that keep the corporate information stored on that device protected.