01:53 PM
The Staff of Dark Reading
The Staff of Dark Reading
Connect Directly

Top 10 Most Overlooked Aspects of IT Security

Before you hunker down, all comfy and cozy, in front of a crackling holiday fire, hold the fruitcake and eggnog: Feel like you're forgetting something?

Out of sight, of out mind. Many IT departments carefully watch their employees in the office, but they fail to monitor just what software their users are installing or what hardware (think thumb drives and iPods) they're plugging into their desktop or laptop machines at home -- or who else may have access to those machines.

The rash of laptop losses and thefts at major corporations and government agencies over the past year has red-flagged the problem of securing data when it leaves company premises. But what about the machines that sit in home offices where telecommuters work daily, or company executives work after-hours? And what happens when a user's home is broken into and his laptop or PC stolen?

"The problem companies face with home workers is that the security boundary with the Internet has been extended to hundreds, even thousands of remote locations," says Geoff Bennett, director of product marketing at StreamShield. "The odds of a weak point are multiplied exponentially."

Ironically, top execs can be the biggest weakest links in the home-user chain. "The CEO and CFO want to store sensitive information locally on their laptops because they don't want to worry about VPNing in," says Consilium1's Kelly.

Few IT organizations have the means to restrict user-access when it's not on-site: Home users may leave their machines connected to the company network, or give passwords out to family or friends. And watch out for those technologically precocious kids in the house.

"In one instance, a CEO's kid got on his machine and renamed critical financial files. The firm was unable to do a planned stockholders' meeting as a result," says Rob Enderle, principal analyst with the Enderle Group. "End point security remains important especially if the equipment isn't on premise."

Security assessments are rarely, if ever, done of the homes of these users, Enderle says.

And now, as home users increasingly become the targets of phishing attacks and botnet attacks, the company-issued laptop and the user's home PC with VPN access can leave the corporate network at risk. "If their machine has turned into a zombie and has access through a VPN to the corporation, the corporation is clearly exposed," Enderle says.

Most zombie infections use keylogging, which captures password information. And a zombie PC also becomes a spam pipeline, says StreamShield's Bennett, which can wreak havoc since most corporate email systems are configured to filter inbound, not outbound, spam.

"The assumption is that one's own employees are not likely to send spam. But a compromised PC will act as a spam relay," he says, which could result in the company's legitimate email being blacklisted by other organizations.

One way to lock down home users is to eliminate VPN access and instead use biometric, multi-factor authentication to email and "the most limited set of resources needed to do the job," Enderle says.

A home security audit is also helpful, as well as training home users how to best protect their computer and the company network. "And the computer accessing the corporate resources should remain administered and patched, and protected to a degree sufficient for the level of access the remote employee has."

5 of 10
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.