1: Use Linux
I can already hear the groans from the gallery, but the truth of the matter is, you will cut down on PC security issues if you begin migrating at least some of your desktops to Linux. The best way to do this is to migrate users who don’t require the use of proprietary, Windows-only applications. If you use Exchange, just make sure you set up OWA so that the Linux users can access Web mail. Migrate a quarter of your desktops to Linux and that’s a quarter fewer security risks you’ll have to deal with.
2: Block users from installing software
I’ve had to deal with companies that do this. Yes, it can be a pain when users actually need a piece of software installed (you’ll have to visit their offices just to enter the administrator credentials), but the dividends it pays off are significant. You’ll have far fewer viruses and less malware to deal with than you would if the users were allowed to install at will. The give and take is certainly worth it here.
3: Upgrade your antivirus
I’m always shocked when I see antivirus tools that are out of date. This goes for applications and virus definitions. When dealing with the Windows platform, it’s crucial to keep everything as current as you possibly can. Keeping antivirus up to date is the only way to help protect vulnerable machines from malicious software and files.
4: Switch your browser
Not to stir up the mud, but the truth of the matter is simple: Internet Explorer is still an incredibly insecure browser. One of the best things you can do is migrate your users from IE to Firefox. Yes, Firefox may be getting a bit bloated, but it’s still far more secure than the Windows counterpart.
5: Disable add-ons
Browsers and email clients make use of add-ons. Some are necessary for work — some are not. Those that aren’t needed should not be used. Although some add-ons offer some handy features, it’s not always possible to ensure the validity or security of an add-on. And even when you can, it’s not always a given that the add-on won’t affect the performance of the machine. I’ve seen plenty of Outlook, IE, and Firefox add-ons drag a machine to a screeching halt.
6: Deploy a hardware-based firewall
Let’s face it: The built-in Windows firewall is simply not sufficient. If you want real security, you need a dedicated firewall on your network. This firewall will be a single point of entry that will stop many more attempted breaches than the standard software-based firewall will. Besides, the hardware-based fire will be far more flexible and customizable. Look at a Cisco, Sonicwall, or Fortinet hardware firewall as your primary protection.
7: Enforce strict password policies
For the love of all things digital, don’t let your end users control their password destiny. If you do this, you’ll wind up with accounts and systems protected with “password”, “1,” or worse — nothing at all. Make sure all passwords require a combination of upper/lowercase, numbers and letters, and special characters. While you’re working on password policies, be sure you enforce a rule that passwords must be changed every 30 days. It’s an inconvenience, but it’s worth the security it brings.
8: Do not share networked folders with “Everyone”
Although it’s tempting (especially when you can’t figure out why a user can’t access a folder), do NOT give the Everyone group access to a folder. This just opens up that folder to possible security issues. If this becomes an absolute necessity, only do it temporarily. For security’s sake, spend the extra time troubleshooting why that user can’t access the folder, instead of just giving Everyone full access.
9: Use network access control, like PacketFence
PacketFence is one of the most powerful NAC tools you will find. With this tool, you can manage captive-portal for registration and remediation, and you have centralized wired and wireless management, powerful guest management options, 802.1X support, layer-2 isolation of problematic devices, and much more. With this system on your network, you can rest assured that rogue devices will have a much smaller chance of connecting.
10: Use content filtering to protect from malware
I’m not a big fan of posing as Big Brother, so I don’t advocate too much content filtering. I do, however, believe it’s valid to use content filtering to prevent malware. There are obviously certain phrases, keywords, and URLs that can and should be filtered, based on their history of causing malware. I won’t post the best keywords to filter for malware, as those words might land me in trouble. Just do a simple search for keywords associated with malware.
Securing your network and PCs is a constant battle. But with the right tools and strategies, your network can be a much safer arena for productivity. Give a few of these options a look and see if they offer the missing pieces needed to further secure your environment.
- marlinemonroe likes this
- foolproofshadeofgray reblogged this from beben-eleben
- gracebelarmino-blog likes this
- ralphapits reblogged this from beben-eleben
- toujours-benie likes this
- abbynicrush likes this
- boocarlaboo likes this
- terubyte likes this
- anjiluz likes this
- anilyam likes this
- thinkofareeya likes this
- notjustyourordinaryman likes this
- chocoblueberries likes this
- trudistomatoe likes this
- ninjangpayatot likes this
- mariyakatrina likes this
- palitngpalit likes this
- dailydoseofcoleen likes this
- imherbetterhalf reblogged this from beben-eleben
- joshuagenota likes this
- forever-in-christ-love likes this
- dippedwithshit likes this
- superinday likes this
- ayishin1103 likes this
- oxfordsandhoodies likes this
- the-yannnn likes this
- jcbuenaventura likes this
- ainonaitenshi likes this
- makaiau likes this
- fauxparadox likes this
- bitchesmayhem likes this
- kapitanmeron likes this
- kingmusha likes this
- sachirou reblogged this from beben-eleben
- ohhitsdenise likes this
- heyitsrudx likes this
- foreverdaweh likes this
- beasatellite likes this
- dcincopesos likes this
- walatalagaakongmaisipnaurl reblogged this from beben-eleben
- walatalagaakongmaisipnaurl likes this
- beben-eleben posted this