Protecting Your Organization from a security breach
Firewalls are an important part of protecting your network, but what about protecting your network from your own users?
2. Security Breach – how users could give hackers access to your network
3. Determining your risk
4. Minimizing risk and protecting the organization from your own users
5. Summary and Recommendations
This white paper discusses the risks an organization takes on when its users have too much control or leeway within the organization's network. It outlines key practices that help minimize the chance of a security breach within your organization.
We have heard over and over again from the news media and leading experts that anti-virus software and “paying attention to what you’re clicking on” will greatly minimize the risk of being hacked. Although these things are important, they fall far short of what is really needed to protect your organization from a security breach.
2.0 Security Breach – how users could give hackers access to your network
Most organizations, without even knowing it, allow their users to let anyone or anything into the network.
Attackers typically compromise computer systems by getting a program of their own to run on a machine inside your network. These programs have many purposes; some are after money, some record the Web sites you visit for marketing statistics, and some simply give the attacker a foothold in the network.
Below are two examples of how users can grant hackers access to your network:
Jim receives an email that appears to come from his credit card company, with an attachment called 2015DecStatement.pdf. After double-clicking the attachment the PDF does not open; instead a program starts running. After several attempts to open the “PDF”, Jim discovers the email was not from his credit card company after all. It was from an attacker using a domain name similar to the credit card company’s.
This user has authorization to run an unknown application on the network. As I will state many times, users should only be able to run applications approved by the organization.
Mary visits a Web site and decides to download Google Chrome. After she clicks the Download link, the browser asks whether she wants to “Run” the file Chrome.exe, and she chooses Yes. Expecting Chrome to install, she instead sees a program window flash on the screen and disappear. Not getting any confirmation that the program installed successfully, Mary tries the install again. Again, a program window flashes on the screen and disappears. The file she ran was not the Chrome installer.
This user also has authorization to run an unknown application on the network.
The security weakness and the risk sit at the user level, and the question becomes not if but when the organization is hacked.
There have been many reports of crypto-locker malware that encrypts your data and then demands money, usually paid in a cryptocurrency such as Bitcoin. Once you pay the ransom, the attackers are supposed to send you the decryption key, though nothing obliges them to. In addition to the ransom, you will have the added expense of securing and re-engineering your network.
3.0 Determining your risk
Determining risk is a responsibility all owners, C-level executives, and managers should take seriously. Allowing users to install and run applications at will raises the Risk Report’s blood pressure tenfold.
Below are some basic checks that will help you determine whether your users are a risk:
1. Reviewing all installed Applications: Review all installed programs and uninstall any application not listed in the Corporate Application Set.
2. Determining if users have “Administrative Rights”: Determine whether users have administrative rights on the local computer and/or the domain.
3. Restricting Users from running Applications: Users should only be able to run the applications listed in Control Panel > Programs and Features or in the Corporate Application Set, e.g. users should not be able to download and run installers for Chrome or Dropbox.
4.0 Minimizing risk and protecting the organization from your own users
The good news is that the above risks can be greatly minimized. Below are some techniques that I find are underutilized in organizations of all sizes.
Determine and reduce your risk by working through the following:
1. Reviewing all installed applications: On the local computer or network terminal server, review the list of installed programs under Control Panel > Programs and Features and confirm that each one has been approved. Organizations should adopt controlled procedures and forms, starting with an Application Set document that lists the “approved” applications users may use. Remove any application not approved per the Application Set.
2. Determine if users have “Administrative Rights”:
2.1. On the Local Computer: If users are allowed to install applications, typically they are members of the local Administrators group. Another way to determine whether a user has administrative rights is to right-click “Computer” and select “Manage”. If Computer Management opens without prompting for an administrator’s user name and password, then congratulations: you are an administrator on the local computer and your Risk Assessment’s blood pressure just went up.
2.2. On the Domain: Ask your Domain Administrator to verify this. Domain group membership is checked on a domain controller (a server) within the network.
3. Restricting Users from running Applications: Users should only be able to run the applications listed in the computer’s or terminal server’s Control Panel > Programs and Features. Some applications, such as Chrome and Dropbox, can be installed and run by users who do not have administrative access, because they install into the user’s own profile rather than into Program Files. Although these applications are sneaky that way, they are legitimate; the point is that the same mechanism lets an unknown program run just as easily. Taking away administrative rights alone does not close this gap; it takes a control that restricts which programs may execute. This exposure is high for most organizations and is the most overlooked.
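The first two checks in sections 3 and 4 (inventory the installed applications against the Application Set, and find out who holds administrative rights) can be scripted so they are repeatable across many computers. The following PowerShell is an added example and is not part of this white paper; the $ApprovedApplicationSet entries are constructed placeholders that you would replace with the contents of your own Application Set document.

```powershell
# Added example (not part of the white paper).  Audits one Windows computer for
# the two conditions sections 3 and 4 describe: installed applications that are
# not in the Application Set, and accounts that are local administrators.
# Run from an elevated PowerShell.  $ApprovedApplicationSet is a constructed
# placeholder; fill it from your organization's Application Set document.

$ApprovedApplicationSet = @(
    'Microsoft Office Professional Plus 2013',
    'Adobe Acrobat Reader DC',
    '7-Zip 15.14 (x64)'
)

function Get-InstalledApplication {
    # Programs and Features is built from these Uninstall keys.  The HKCU key is
    # where Chrome and Dropbox register when a non-administrator installs them,
    # so auditing HKLM alone misses exactly the installs the paper warns about.
    # HKCU covers the user running the audit; for other profiles on the machine,
    # load their hives under HKU: or scan C:\Users\*\AppData\Local for .exe files.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation,
            @{ Name = 'PerUser'; Expression = { $_.PSPath -like '*HKEY_CURRENT_USER*' } }
}

function Get-UnapprovedApplication {
    # Anything installed that the Application Set does not name.
    Get-InstalledApplication |
        Where-Object { $ApprovedApplicationSet -notcontains $_.DisplayName }
}

function Get-LocalAdministratorMember {
    # Resolve the Administrators group by its well-known SID so the check also
    # works on localized Windows.  Members come back as WinNT:// paths; a domain
    # group such as "Domain Users" appearing here means every domain account is
    # a local administrator, which is the worst case the paper describes.
    $sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $groupName = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
    $group.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null) -replace '^WinNT://', ''
    }
}

"== Applications not in the Application Set on $env:COMPUTERNAME =="
Get-UnapprovedApplication | Sort-Object PerUser, DisplayName |
    Format-Table DisplayName, DisplayVersion, Publisher, PerUser -AutoSize

"== Members of the local Administrators group on $env:COMPUTERNAME =="
Get-LocalAdministratorMember
```

Anything reported with PerUser set to True was installed without administrative rights, which is the exposure item 3 describes: removing users from the Administrators group would not have prevented it. Matching on DisplayName is deliberately strict; if your Application Set lists product names without versions, compare on a prefix instead, but keep the comparison exact enough that “Chrome” does not approve “Chrome Remote Desktop Host”.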
5.0 Summary and Recommendations
Although there are other areas of the network, such as firewalls, switches, and servers, that need to be looked at, not allowing users to have administrative access and restricting the applications users can run will drastically reduce the risk of a security breach.
Another way to lower risk is end-user awareness training. Educating users about safe computing and about solicitation by email or phone is highly important.
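On Windows, the recommendation to restrict which applications users can run is usually implemented with AppLocker, which allows only the programs an administrator has explicitly approved and blocks everything else, including installers and programs dropped into a user’s profile. The following PowerShell is an added example, not something from this white paper or from Madeira Networks; it assumes an AppLocker-capable Windows edition, an elevated session, and that approved software lives under Windows and Program Files. The Chrome path is illustrative.

```powershell
# Added example (not from the white paper): enforce "users may only run approved
# applications" on Windows with AppLocker.  Assumptions: an AppLocker-capable
# Windows edition, an elevated PowerShell session, and approved software living
# under Windows and Program Files.  Paths are illustrative.

Import-Module AppLocker

# 1. AppLocker only evaluates rules while the Application Identity service runs.
#    sc.exe is used because Set-Service cannot change this service's start type
#    on current Windows builds.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# 2. Inventory executables where administrator-installed (approved) software lives.
$approvedDirs = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'
$fileInfo = foreach ($dir in $approvedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe
}

# 3. Turn that inventory into allow rules for Everyone: publisher rules where the
#    binary is signed, hash rules otherwise.  -Optimize merges rules that share a
#    publisher.  New-AppLockerPolicy emits EnforcementMode="NotConfigured"; set
#    AuditOnly so the first pass logs instead of blocks.
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo -RuleType Publisher, Hash `
    -User Everyone -Optimize -Xml
$policyXml = $policyXml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
$policyPath = Join-Path $env:TEMP 'applocker-audit.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding Unicode

# 4. Dry-run: a Chrome installed into the user's profile (the case from section 4)
#    sits outside Program Files and should come back DeniedByDefault.
$perUserChrome = Join-Path $env:LOCALAPPDATA 'Google\Chrome\Application\chrome.exe'  # assumed path
if (Test-Path $perUserChrome) {
    Test-AppLockerPolicy -XmlPolicy $policyPath -Path $perUserChrome -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# 5. Apply the policy locally, merging with anything already configured ...
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# 6. ... then review what *would* have been blocked: event ID 8003 in the
#    AppLocker "EXE and DLL" log.  When that list contains only software you
#    do not want, change AuditOnly to Enabled in the XML and re-apply.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -ErrorAction SilentlyContinue |
    Where-Object Id -eq 8003 |
    Select-Object TimeCreated, Message -First 20
```

Two caveats a practitioner would want: run in AuditOnly mode for at least one business cycle before enforcing, because a rule set built only from Program Files and Windows will block any approved application that happens to live elsewhere; and check your Windows edition, since AppLocker rules are enforced only on Enterprise-class editions (Software Restriction Policies are the fallback on editions without it). In a domain, the same XML is imported into a Group Policy Object under Computer Configuration > Windows Settings > Security Settings > Application Control Policies rather than applied per machine.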
For more information contact Madeira Networks at (877) 562-3347.