
Endpoint security: The weakest link


Mike Rothman, Contributor
08.31.2006


Remember the short-lived game show The Weakest Link? The weakest player was eliminated, much like we see in the real world.

But when you are thinking about security, you really do have to continually find and eliminate the weakest link, because that is the first thing the attackers will go after. If there is one thing that we know about hackers, it's that they don't give up easily. There is too much money at stake, so they are continually searching for the next weak link in the chain. And this time they've found a doozy.

Over the past year or so, we've increasingly seen endpoints specifically targeted on both the consumer side and the corporate side. Once an endpoint is compromised, the bad guys have free rein on the internal network to steal information, compromise more machines, and/or turn these devices into zombies that are ready to launch denial-of-service attacks and send spam and phishing messages.

The endpoint is a juicy target for a few reasons:

  • Insecure operating system. Since a majority of the world runs Microsoft Windows, finding client-side vulnerabilities has been like shooting fish in a barrel for the bad guys. Many SMBs don't patch immediately, so common exploits become big issues.

  • Human behavior. End users love to click on stuff. They open messages from people they don't know, divulge private information to strangers, download random software and click on ads and links without regard to what lurks behind. Most users I've come across can't help it. They also know they shouldn't have done something after the damage is done. But it seemed like a good idea at the time.

  • Increasing mobility. In today's mobile world, most people have laptops, and they keep private information on them. Not only is there a thriving market for "hot" laptops, but if a bad guy is specifically trying to compromise your company, one of the easiest places to start is by pilfering a laptop.

So how can a small or medium-size company defend against these increasingly common attacks? Here is a five-point plan to begin addressing the issue:

  1. Education. Users need to constantly be reminded about what they can and can't do with their machines. This is especially important for employees with laptops, given that they are likely connecting into the network from remote locations, which are not as controlled as your own internal network.

  2. Desktop security suite. Amazingly enough, there are quite a few SMBs that have not deployed antivirus, antispyware and personal firewalls on their devices. If you don't have all of your Windows machines protected, walk away from your machine right now and don't come back until it's done. This will eliminate most of the attacks that we already know about. Macs should also have protection, by the way.

  3. Password-enable your screensaver. Many machines are compromised because employees walk away and don't lock their computers. These are easy pickings for anyone who has physical access to a machine. After five minutes max, your machine should lock and require a password to be opened.

  4. Encrypt data on your laptops. The best way to find yourself on the cover of The Wall Street Journal is to lose data on a large number of customers. And privacy breaches are not restricted to only large enterprises. Apple Computer Inc. already offers the ability to encrypt the data in Mac OS X. There are many third-party tools (from PGP Corp. and SafeBoot NV, for example) to encrypt data on Windows.

  5. Implement default-deny. Even if a machine is compromised, if it can't send data back to the bad guys, then it's not much use to them. If you block all inbound and outbound ports that are not specifically required for applications on your routers and firewalls, you are cutting off the ability of the bad guys to utilize the machines.
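
An added example (not part of the original article) for point 5: a first-match rule evaluator that runs the same constructed traffic through a default-allow policy and a default-deny one, and audits each against an inventory of ports applications actually need. The rule sets, the inventory, the sample flows and all names are assumptions made for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    direction: str  # "in" or "out"
    proto: str      # "tcp" or "udp"
    port: int       # destination port
    action: str     # "allow" or "deny"

class Policy(NamedTuple):
    rules: tuple
    default: str    # action taken when no rule matches

def decide(policy, direction, proto, port):
    """First matching rule wins; otherwise the policy default applies."""
    for r in policy.rules:
        if (r.direction, r.proto, r.port) == (direction, proto, port):
            return r.action
    return policy.default

def audit(policy, required):
    """Flag anything that departs from 'deny unless an application needs it'."""
    findings = []
    if policy.default != "deny":
        findings.append("default action is not deny")
    for r in policy.rules:
        if r.action == "allow" and (r.direction, r.proto, r.port) not in required:
            findings.append(f"allow {r.direction} {r.proto}/{r.port} has no application owner")
    return findings

# Constructed inventory of what applications need (assumption for this example).
REQUIRED = {("out", "tcp", 443), ("out", "tcp", 80), ("out", "udp", 53)}

# Weak: block a couple of known-bad ports, allow everything else.
WEAK = Policy((Rule("out", "tcp", 6667, "deny"), Rule("in", "tcp", 23, "deny"),
               Rule("in", "tcp", 3389, "allow")), default="allow")
# Corrected: one allow rule per required flow, deny the rest in both directions.
STRICT = Policy(tuple(Rule(d, p, port, "allow") for d, p, port in sorted(REQUIRED)),
                default="deny")

# Constructed sample flows: (label, direction, proto, port).
FLOWS = [("web browsing", "out", "tcp", 443),
         ("DNS lookup", "out", "udp", 53),
         ("outbound SMTP from a desktop", "out", "tcp", 25),
         ("outbound connection on unlisted port", "out", "tcp", 8443),
         ("inbound remote desktop", "in", "tcp", 3389)]

def evaluate(policy):
    return {label: decide(policy, d, p, port) for label, d, p, port in FLOWS}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("strict", STRICT)):
        print(name, evaluate(pol), audit(pol, REQUIRED))
```

Under the default-allow policy every sample flow passes, including the ones no application needs; under default-deny only the inventoried web and DNS traffic gets through.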

None of these techniques are overly hard or new. But you need to do them and be consistent about it. There are lots of more advanced techniques that can also make a difference (like network admission/access control, Secure Sockets Layer virtual private networks, strong authentication, etc.), but first things first. There will always be the next weakest link. Make sure your endpoints aren't it.

Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta. Reach him via email at mike.rothman (at) securityincite (dot) com.
