By Terry Mayfield
Network security has become a big issue. Some companies spend big money on server management while the workstation management becomes less a priority. Thorough network security requires that all possible sources of a breach be secured. This article offers criteria for securing (locking down) all the workstations on the network.
What does it mean to lock-down a workstation? For our purposes a network workstation is locked down when it is configured to prevent unauthorized installation and execution of a software application.
Who establishes security polices from which the lock-down criteria comes? Network security is as much a business concern as it is an IT concern. Why? Because data security and business continuity are part of a bigger concern: risk management. Today, government regulations mandate data security, and hold companies accountable for security breaches. The management of the organization is responsible for drafting the security polices within the context of legal and business requirements.
The IT department is then tasked with the job of determining how to implement the network security policies. They determine what a proper configuration of the workstations will be. That configuration would include applications that are compatible with each other and meet the business needs of the company. The configuration would also include necessary hardware drivers and system services.
Here are five criteria that might be helpful in evaluating a workstation lock-down solution. The solution should:
1. Have Flexibility.
A company's data network is not static. As business needs change, software requirements will likely also change. A workstation lock-down solution needs to be flexible enough that it can be easily configured to support new applications and patches for new versions of existing applications.
2. Have Adaptability.
It should adapt to new security policies, procedures, or workflow requirements. The admin interface should be simple and adaptable enough to support ad hoc requests.
3. Be Secure.
The solution should enforce restrictions without being vulnerable to unauthorized changes, or overrides, or workarounds by end users. The solution should work regardless of path changes, file renames, or file modifications by a user.
4. Have an easy-to-navigate Admin Interface.
The admin interface should be able to analyze files across the network, catalog those files, and generate notifications regarding their status and location.
5. Be Automated.
Any solution will require some initial configuration. Decisions will need to be made as to which programs should and should not be restricted. Once the approved software configuration has been set up, the software should automatically monitor the network. Any new unauthorized software that is detected should automatically be restricted and brought to the IT staff's attention for action.
Terry Mayfield is a Business Continuity expert with 19 years experience in the field. Mr. Mayfield has worked in the telecommunications industry during a period of innovation and rapidly changing technologies, and has helped his clients evaluate potential data loss threats and formulate data protection and recovery strategies. He is available by phone (205-290-8424) or email (terrym@askbts.com) to discuss your data protection requirements and review your network storage issues. To Download the Free Advisory Guide "What Every Business Must Know About Protecting And Preserving Their Critical Data" go to http://www.gosleepez.com. Article Source: http://EzineArticles.com/?expert=Terry_Mayfield |
0 comments:
Post a Comment