Darn Those Pesky Users: Convergence and Secure Endpoints


Securing endpoints--also known as dealing with end user behavior--was a topic in several very different presentations at the SecureWorld Expo in Plano, Texas, this week.

Users--with their anywhere, anytime data access demands, and their often dangerous behavior, at least in security terms--are clearly a continuing challenge for security professionals. Education and security awareness were two of the remedies discussed; convergence technology, especially the ability to integrate physical and logical identities, also can be effective at influencing behaviors and enforcing policy, said a CISO of a major Texas medical center.

Insiders Everywhere

Insiders are anyone with legitimate access to enterprise data--and at the University of Texas Southwestern Medical Center in Dallas, that includes employees, students, contractors and caregivers, said Stan Waddell, CISO, in his presentation "Insider Threat: Trust is at the Heart of the Matter."

Addressing accidental and malicious data breaches and disclosures requires risk assessments, data classification, "minimum necessary" reviews, segregation of duties and sensible record retention and destruction policies, Waddell said.

"You can't reduce risk to zero" without destroying business productivity, he told attendees. The goal then is to limit the potential damage of breaches, and one way of doing that is limiting the number of records and data types to which insiders have access. "Even aggregators don't need to see sensitive data," he pointed out.

Watching the Workforce

Monitoring employees' internal activities, including email, web browsing, removable media use, and file and folder logging, is also important, as is letting users know you're watching them. "If you see suspicious activity, act; you can't afford not to," Waddell said.

Taking advantage of converged authentication technology can also be a deterrent against malicious or careless behavior, he told Security Squared in an interview at the show.

"The buzzwords of SSO and multifactor authentication have matured enough to be productivity aids," Waddell said. "You can understand where people go and what they do."

In particular, he noted that when a badge swipe plus a one-time password is required for access, allowing an unauthorized user into the system requires collusion, whether for deliberate foul play or by loaning a badge--which can result in disciplinary action.

Further, the two-factor authentication provides an audit trail. "I know where you swiped, I know where you logged in," Waddell said. "I can tie you to a physical location."

That's evidence that's not easily repudiated, he said.


The Gen-Y Impact

As Waddell explained in his presentation, some breaches and disclosures, as well as other incidents, such as introducing a virus into the network, are purely accidental. A number of presenters and attendees discussed the issues of working with a generation of employees who expect, even demand, 24/7 mobile access to data--and who are more inclined to share rather than protect information. That can increase creativity as well as the potential for security issues.

"In some ways, we've been slow to perceive the needs of Generation Y, their desire for openness, to communicate quickly and easily," said Waddell to Security Squared. "They perceive what we put up as a roadblock, and there's some truth to that," he said.

Yet, Waddell said, security best practices don't always lend themselves to openness. His approach is to try to limit the risk, such as by allowing an activity but monitoring user movements, or turning off an application feature that doesn't materially affect the app but does increase security.

"There's a thin line between protecting the business and missing out on technology beneficial to the business," he said.

The "Virtualization of the Perimeter"

Security's delicate balancing act--providing the productivity and collaboration tools users want, wherever and whenever they want them, while protecting enterprise assets ranging from data to goodwill and branding--now encompasses customers, business partners and contractors who may never set foot inside enterprise headquarters. This trend is the "virtualization of the perimeter," according to Clifford Grossner, security solutions marketing, enterprise business unit, for Alcatel-Lucent.

Enterprises can no longer simply build a strong perimeter defense, Grossner pointed out in his session. Firewalls and secure zones aren't effective when so many vital users are outside the network. Today, what's critical is whether enterprise network elements are "identity aware," Grossner told Security Squared in an interview at the show.

That means switches with the ability to profile different user groups, then decide, based on group access rights, where an individual can go on the network. "The switch becomes integral in authenticating a user," Grossner said.

The convergence factor here is that such switches access user roles and policies built into Active Directory or a Lightweight Directory Access Protocol-based employee directory. In coming weeks, Security Squared will cover this topic of "secure network fabric" (Cisco and 3Com compete here too) and how physical security elements, such as IP-based badge readers and video, may interact with these elements.


All About Identity

The converged identity theme came up yet again in a panel discussion about securing endpoints. A big problem for many enterprises is knowing who is actually sitting at a keyboard, said Jim Fulton, vice president of marketing for digitalPersona, a biometrics OEM. "Having a chain of knowledge about who is actually doing things is a key issue for our clients," he told attendees.

Fulton asserted that increasingly detailed compliance requirements will force enterprises to adopt stronger authentication measures and to develop strategies for tying logical actions back to a physical identity. "It can't just be a user name," Fulton said. "You have to build policies tailored to the needs of finance vs. legal vs. marketing."

The need for better policies and policing of them through education and technology solutions is going to be of personal interest to CSOs and CISOs, said Jim Smith of TrendMicro.

"It's about going to jail, because they'll be on the hook" for data disclosures and breaches, he said.

Smith argued that desktop and mobile device security issues will be solved only when hardware and operating system vendors get serious about focusing on security as a key component of a product, not an afterthought.

A Footnote On Wireless Worries

The most often cited convergence point for wireless security is matching the location of a physical identity to a login. That lets the network more rigorously interrogate a remote user at login and/or restrict data access, or flag a remote login attempt that occurs while the user associated with the login data is registered as having badged into the building.
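The badge-versus-login correlation described above can be sketched as follows. This is an added example, not code from the article or from any vendor mentioned in it; the event format, user names, addresses and the 16-hour staleness cutoff are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the article): (timestamp, user, direction/IP).
BADGE_EVENTS = [
    ("2024-03-04T08:02:00", "alice", "in"),
    ("2024-03-04T12:01:00", "alice", "out"),
    ("2024-03-04T08:30:00", "bob", "in"),   # bob never badges out
]
REMOTE_LOGINS = [
    ("2024-03-04T09:15:00", "alice", "203.0.113.7"),   # badged in: conflict
    ("2024-03-04T13:00:00", "alice", "203.0.113.7"),   # badged out: fine
    ("2024-03-04T10:00:00", "carol", "198.51.100.9"),  # no badge record: fine
    ("2024-03-05T09:00:00", "bob", "198.51.100.20"),   # badge-in is a day old
]

def flag_conflicting_logins(badge_events, remote_logins,
                            max_presence=timedelta(hours=16)):
    """Return remote logins made while the user is recorded as in the building.

    A badge-in older than max_presence is treated as stale (the user probably
    left without badging out) and does not raise an alert.
    """
    timeline = sorted(
        [(datetime.fromisoformat(ts), user, "badge", d) for ts, user, d in badge_events]
        + [(datetime.fromisoformat(ts), user, "login", ip) for ts, user, ip in remote_logins]
    )
    inside = {}   # user -> time of the latest unmatched badge-in
    alerts = []
    for when, user, source, detail in timeline:
        if source == "badge":
            if detail == "in":
                inside[user] = when
            else:
                inside.pop(user, None)
        elif user in inside and when - inside[user] <= max_presence:
            alerts.append((when.isoformat(), user, detail))
    return alerts

if __name__ == "__main__":
    for alert in flag_conflicting_logins(BADGE_EVENTS, REMOTE_LOGINS):
        print("remote login while badged in:", alert)
```

The staleness cutoff matters in practice because people often leave without badging out; without it, every later remote login by that user would raise a false alert.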

That's a technology use that can't be too soon in coming, given the variety of nasty wireless security issues detailed by Kent Woodruff, Motorola AirDefense's chief engineer. He and others noted that enterprise users tend to be far too trusting about the security of public wireless networks.

In his panel discussion, Woodruff used a common sniffing tool to illustrate how many attendees' laptops were vulnerable to attacks via the show venue's unsecured wireless network. Such attacks, including side-jacking, phishing and brute force attacks, and the tools with which to launch them, are increasing, with instructional videos posted on YouTube. Many of these are designed to capture the data a hacker will need to pose as an authorized user.

Woodruff said the most dangerous laptop of all is one that's used wirelessly at home and then plugged into the wired enterprise network with a still-activated wireless card in place. That enables cheap, homemade but highly effective probing tools to break in and gather data (passwords, logins for web authentication sessions, cookies), as well as to pass along malicious data packets.

In this case at least, the security remedy is clear:

"When you leave your wireless card on, it's always looking to connect," said Woodruff, noting that hackers can exploit that opening. "If you're not using your wireless connection, disable it."
