Twenty years ago this wasn’t really much of an issue, a simple network, a couple of file servers and if you were luck an email system. Security was never much of an issue, which was just as well because sometimes there wasn’t much you could do anyway. If anyone remembers the forerunner of Microsoft Exchange – the Microsoft Mail post offices were installed in open shares and if you started locking them down everything stopped working. You could make some minor security implementations but most of all you had to be careful that you didn’t leave anything in these open shares.
Of course, Unix, Ultrix and the forerunner of Windows NT all had reasonable levels of security and you could apply decent access controls based on users, groups and domains without too much issue. It was more the applications that were the issue, security in a digital environment was very much in it’s infancy. Nowadays of course, everyone takes security much more seriously in this age of data protection, hackers, viruses and cyber criminal attacks all over the place. It’s still a nightmare to lock down environments though and that’s primarily due to the internet.
IT departments all over the world love the internet, solving issues and fixing problems is made a hundred times easier with a search engine at hand. However that’s one side of the coin, the other is the fact that access to the internet makes configuration and security much more important and potentially more challenging. Imagine every single desktop has the capacity to visit, download and distribute any number of malevolent files. A potential virus outbreak sits on everybody’s desk and when you look at some of the users you could only be scared.
So what sort of methods do we have to minimize the potential chaos to our internal network. Well first of all there’s something not that technology based, a document which details how people must use their computers and especially the internet. Making sure that users are educated about the risks to both the network and their employment status is probably the most important step you can take to reduce risk from outside sources. If they no that they could get fired for downloading or streaming video from sites like the BBC via their company VPN then they’re much likely to do it.
There’s still a need to implement access control lists and secure resources of course but user compliance goes a long way. Principles like giving user the least amount of permissions makes sense in securing resources. You can lock down both PCs, browsers and external access through Windows environments and GPO (Group Policy Objects). Routing all internet access through central points is a sensible option, meaning not only can you control but also monitor internet traffic in both ways. This is also a useful way of applying a second layer of security as regards Antivirus – scanning before it reaches your desktop solutions.
Most secure environment also put in other common sense steps like not allowing users to plug in their own hardware onto the network. This sounds a trivial matter but can effectively bypass your whole security infrastructure if a virus ridden laptop is installed on your internal network. You have no control over what that their hardware is used for, they may be downloading torrents and buying alcohol/drugs from the darkweb when they get home. Ensuring data security can also be managed by ensuring that no-one uses or takes away data using USB sticks and memory cards. There are security settings and applications which can manage these devices quite easily now, also using group policy if you’re running a windows environment and have implemented the active directory