Mobile security devices: Simple steps for SMBs

There are different steps to take when securing mobile devices, depending on the type of device you have. USB keys and wireless access points (WAPs) are two very different creatures. What works for one may not work for the other.

No matter the device, the first step is to have a written security policy prohibiting employees from installing and using nonstandard equipment. Nonstandard means anything not purchased, approved, scanned, built or reviewed by your IT department. This includes devices such as the latest WAP or mobile gizmo that an employee buys on his own.

Securing USBs

For devices that provide direct physical access, such as USB keys and tokens, or iPods, which are overgrown USB devices, there are equally effective physical controls for blocking access. Some of these controls are already baked into Windows and can be easily turned on by any system administrator.

• Restrict access to USB ports to only those employees who may have a specific business need to download and take data off the premises. Even then, only limited bits of data should be allowed, like information needed for a single project. Physical access to USB devices can be restricted in the Group Policy Objects (GPO), the Device Manager or the registry on Windows machines, or through BIOS settings on other machines.
• Turn off AutoRun on Windows machines to block bootable USB devices from automatically connecting to your network.
• Allow only USB devices that have been approved and scanned prior to use by your IT department. If possible, have them use encryption.
• Turn on Event Logging in the Auditing section of the GPO on your Windows machines to monitor traffic. If malware is downloaded from a USB device, this will enable you to trace back the offending desktop and, hopefully, who put the contaminated USB key there.
• Cleanse any USB devices after use by purging any data on them after completion of a project.

Securing ...

To read more you must become a member of SearchCIO-Midmarket.com

As an existing member of the TechTarget network please activate your SearchCIO-Midmarket.com account 

By joining SearchCIO-Midmarket.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security for the midmarket Information security program revamp adds outsourcer oversight and more Your IT security budget: How to get more bang for the buck Locking down security in the move to electronic medical records A CIO's advice for implementing single sign-on solutions Options for outsourcing security grow, offer IT budget savings Network access control: Pointers for getting the knack of NAC Stopping malware viruses from attacking Web 2.0 technology Virtual servers no escape from IT security management concerns Unified communications: Securing access to OCS Unified communications security: How safe is it? Tools and Technology: Avoiding cool-tool envy Fixed-mobile convergence saves firms costly mobile phone charges Smartphone envy creates chaos for CIOs IPhone improvements OK, but not a sure thing IPhone: CIOs ponder personal tech toys in the office Wireless LAN security tools: SMB Buying Decisions Mobile technology for the midmarket Mobile device management: From business apps to device security Droid does, but will IT support it? Virtualization management strategies ezine for CIOs Midmarket data center management guides: Tips and best practices Information technology management e-book downloads for midmarket CIOs 2008 top 10 technology articles: Social media, Vista, IT salaries FAQ: What is unified communications, and why would I want it? Mobile unified communications options for the midmarket Top five technology trends -- and why you should give thanks Arts center's network infrastructure hits right note with Wi-Fi, FMC

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary USB  (SearchCIO-Midmarket.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

laptops

The time is long gone when an SMB's computer network was confined to the office. Now, it's wired -- and unwired -- to the world, for good or bad.

• Employees should only be allowed to use laptops purchased, reviewed and scanned by your IT department. Personal laptops, or other laptops brought in from the outside, shouldn't be allowed on the network.
• Use encryption tools, such as SafeBoot, to protect malicious access to stolen or misplaced laptops.
• Laptops should be set up with a standard build for employees that can't be modified, or allow the downloading of software. They should be hardened with antiviral and firewall software.
• Use Network Access Control (NAC) software to scan laptops and remote desktops connected to your network, to make sure they meet your IT security standards and are sufficiently hardened.

Securing WAPs

Wireless devices can be particularly insidious, since they can sit unnoticed under a desk for a long time, spewing data out to the world and doing all kinds of damage. USB devices, on the other hand, are usually put in and taken out quickly.

• Generally, WAPs should be barred altogether from your network. But, as with other portable devices, if there is a business purpose, only those devices approved, reviewed and installed by your IT staff should be allowed.
• Make sure all WAPs have encryption, such as Wired Equivalent Privacy or Wi-Fi Protected Access, always turned on. Better yet, set up your WAP as part of a virtual private network (VPN). This ensures all traffic between the WAP and the device move in an encrypted tunnel.
• Scan your network regularly for unauthorized wireless devices. There are several good tools, including free ones, like NetStumbler and Kismet. Any unapproved WAP should be taken down as soon as it's found.

Confidential data walking out the door is scary for any organization. For SMBs without a dedicated information security staff, data loss can be fatal. Large organizations may take a hit in the press, lose prestige and business, or even be sued, but they have the corporate bulk to eventually survive. SMBs can lose their entire business -- and livelihood. Follow the simple steps above and you'll be much less vulnerable.

Joel Dubin, CISSP, is an independent computer security consultant in Chicago. He is a Microsoft MVP in security, specializing in Web and application security, and the author of The Little Black Book of Computer Security, available from Amazon.

Rate this Tip To rate tips, you must be a member of SearchCIO-Midmarket.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.