
Tools that can help protect data at End Points

CIOL Bureau

Altaf Halde


BANGALORE, INDIA: In the not-too-distant past, endpoint security simply meant keeping your anti-virus software up to date. Much more focus was directed at protecting an organization's servers and network infrastructure. Not that the threats against servers and the network have become any less dangerous, but cybercriminals have shifted their focus to the endpoints. That's where end users do their work, and end users are not only your organization's asset, they can also be its weakest link.

In fact, many consider endpoints to be the most vulnerable part of any organization's network. A recent global corporate Endpoint Assessment Test conducted by Sophos found that 81 percent of corporate endpoints failed basic checks, with problems such as missing anti-virus, firewalls, and security patches.


Endpoints include laptops and desktop PCs. They can also include mobile devices and phones, removable USB hard drives, CDs/DVDs, etc. In addition to viruses, specific data leakage threats against laptops and desktop PCs (and end users) include spyware, Trojans, rootkits, other malware, lost and stolen laptops, and social engineering.

Physical Security of Endpoints

It is very important to start off the discussion of endpoint security with laptops, because lost and stolen laptops have become the single most frequent computer security incident and are a major source of data leakage for organizations worldwide. It has been widely reported that approximately 12,000 laptops are lost in U.S. airports every week. Unfortunately, there is no recorded study of the scenario in India, but in our day-to-day interaction with customers and partners at large, we come across at least one instance of the other person telling us ‘yes, we have had a laptop theft’.


Although most laptop thieves are interested in the value of the hardware, rather than the data on the laptop, organizations must prepare for and expect the worst when a laptop is stolen. Most data protection laws now require public disclosure when individual private data is potentially compromised, such as when a laptop is lost or stolen. However, if the data was properly encrypted, many laws recognize that the data is still protected and therefore do not require costly and embarrassing public disclosures in such cases. In India, it has taken a lot of time and a lot of education to make it clear to organizations using laptops that a laptop theft has to be considered as ‘potential theft / misuse of data that resides on the laptop and not the actual value of the laptop hardware cost’.

Since physical theft of laptops is so common, it seems logical to begin with physical security. Today, laptops are everywhere and hardly anyone notices when you turn on your laptop to work on a few e-mails in a busy airport terminal while waiting for your flight. Hardly anyone, that is, except the opportunistic thief waiting for that fleeting moment when you are briefly distracted. Then, your laptop and the thief inconspicuously disappear into a crowd of people, all carrying more or less identical black laptop cases.

With any luck, you've only lost a Rs.30,000 laptop. But if you haven't taken appropriate precautions, you can't be sure that your company, your customers, or your own confidential or private data won't end up posted on the Internet. If you were carrying around the construction plans for the Death Star on your laptop, well then, you may have just single-handedly brought about the end of our civilization!


A tip to secure your data–




Install laptop security tracking software. This software sends a heartbeat back to the organization or a managed security service when a lost or stolen laptop connects to the Internet. The laptop data can then be remotely erased and its physical location possibly even tracked.

Anti-Virus Protection

Long gone are those days when computer viruses did little more than frustrate users by rearranging their desktop icons or rolling an annoying ambulance across their monitor screen. Viruses today are more prolific, destructive, and sophisticated than ever before. Malware (including viruses) is designed to steal information and provide back door access to systems.

Anti-virus software is as important as ever in providing comprehensive security for endpoints. Anti-virus protection includes signature based and heuristics based software. Signature based anti-virus software is the most common anti-virus software in use today. Anti-virus signature files are developed by security vendors to detect and prevent known virus threats and are typically downloaded to servers and individual systems automatically on a predetermined schedule, perhaps daily or as often as every 15 minutes. Signature based anti-virus software is effective, but largely reactive, in its approach.

Some limitations of signature based anti-virus software include:

• As the number of viruses, worms, and Trojans has grown rapidly over the years (now more than one million), so too has the size of signature files. This affects storage space and processor/memory utilization.

• Because signatures are developed for known threats, there is usually a lag when new threats, known as zero-day or zero-hour threats, emerge. This lag (several hours or days) exists because a new threat that is ‘released into the world’ must first be detected and studied. Then a solution must be developed, tested, distributed, installed, and executed.

Heuristics based anti-virus software uses a more proactive approach than signature based anti-virus software to detect and prevent computer viruses. Heuristics based software monitors normal operating system and application behavior to determine whether unusual activity or anomalous behavior that may possibly be associated with a virus occurs, then prevents its execution. For example, launching Notepad in Windows should not normally open a stealth connection to the internet and transfer files to a server located in Nigeria. This could be a strong indication of a virus or other malware, which a heuristics based anti-virus solution would prevent from executing.

Heuristics based software analyzes the behavior of code at two stages:

• Pre-execution: Behavior of code is analyzed before it runs and is prevented from running if it is considered to be suspicious or malicious.

• Runtime: Intercepts threats that cannot be detected before execution.

Many anti-virus solutions today incorporate both signature based and heuristics based strategies to protect against known and emerging virus threats. In addition to anti-virus protection, a comprehensive endpoint security solution should protect against spyware, adware, Trojans, and rootkits. These threats are often unwittingly installed on endpoints through unauthorized applications, which we discuss in the next section.
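The difference between the two engines, and why products combine them, can be shown in a few lines. This is an added example, not code from the original article or from any vendor's product; the sample bytes, the event fields, the process baseline and the thresholds are all constructed assumptions.

```python
import hashlib

# Constructed bytes standing in for a known-bad file; not real malware.
KNOWN_BAD = b"constructed-sample-v1"
# The "signature file": hashes of threats already detected and studied.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}
# Hypothetical baseline of processes expected to open outbound connections.
NETWORK_BASELINE = {"chrome.exe", "outlook.exe", "svchost.exe"}

def signature_match(data):
    """Signature engine: exact hash lookup, so it only knows known threats."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES

def heuristic_flags(event):
    """Runtime engine: flag behaviour that departs from the baseline."""
    flags = []
    if event["remote_port"] is not None and event["process"] not in NETWORK_BASELINE:
        flags.append("unexpected-outbound-connection")
    if event["bytes_out"] > 1_000_000 and event["files_read"] > 20:
        flags.append("bulk-file-upload")
    return flags

def verdict(data, event):
    """Block on a signature hit or on two behaviour flags; one flag only alerts."""
    if signature_match(data):
        return "block:signature"
    flags = heuristic_flags(event)
    if len(flags) >= 2:
        return "block:heuristic"
    return "alert" if flags else "allow"

# Constructed process events (field names are assumptions of this sketch).
IDLE = {"process": "notepad.exe", "remote_port": None, "bytes_out": 0, "files_read": 1}
NOTEPAD_UPLOAD = {"process": "notepad.exe", "remote_port": 443,
                  "bytes_out": 5_000_000, "files_read": 140}
BROWSER = {"process": "chrome.exe", "remote_port": 443,
           "bytes_out": 2_000_000, "files_read": 3}
# A sample that is not yet in the signature file (the zero-day lag window).
NEW_SAMPLE = KNOWN_BAD + b"\x00"

if __name__ == "__main__":
    print(verdict(KNOWN_BAD, IDLE))             # known threat, caught by signature
    print(verdict(NEW_SAMPLE, IDLE))            # unknown and not yet misbehaving
    print(verdict(NEW_SAMPLE, NOTEPAD_UPLOAD))  # unknown, caught by behaviour
    print(verdict(b"benign", BROWSER))          # baseline process uploading
```

Requiring two flags before blocking is one way to trade false positives against coverage; a single flag still raises an alert for review.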

Application Control

Application Control software blocks or restricts the use of unauthorized applications that may adversely impact network performance, user productivity, or system security, such as instant messaging (IM), peer-to-peer (P2P) file sharing, Internet games, VoIP clients, and other potentially unwanted applications (PUAs). Such applications may be used to intentionally or accidentally leak data.

Protecting Endpoints with Enterprise Encryption

Encrypting your data will help ensure your data remains safe from disclosure and your organization remains safe from costly and embarrassing data leakage liabilities, in the event that a laptop or other equipment ends up lost or stolen. Encryption is the process of converting plaintext data into unreadable ciphertext using a known algorithm and a secret encryption key.

Full-disk encryption

Full-disk encryption (FDE), also known as whole disk encryption, encrypts the entire contents of a hard drive using a software-based or hardware-based encryption system. Hardware-based encryption systems are typically faster than software-based encryption systems because they don't require CPU processing power or memory. Thus, data residing in memory isn't vulnerable to data leakage on hardware-based encryption systems. Instead, encryption is accomplished on the hard drive itself (HDD FDE) or on a separate chipset (still largely under development).

File-level encryption

File-level encryption is used to encrypt individual files or folders. File-level encryption systems can automatically encrypt all files in a certain directory (for example, My Documents) or can be used to manually encrypt individual files. File-level encryption also allows end users to create different encryption keys for different files for additional security (and complexity).

Endpoint Compliance

An endpoint compliance solution should check connected laptops and PCs to ensure that they're compliant with corporate security policies, and fix, quarantine, or otherwise isolate noncompliant endpoints. Endpoint compliance helps to prevent configuration drift and reduce DLP risk, for example, due to employees turning off firewalls and anti-virus software.
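A compliance check of this kind reduces to evaluating each endpoint's reported state against policy and mapping the failures to an action. The following is an added example, not code from the original article or from any product; the policy thresholds, field names, host names and inventory records are constructed assumptions.

```python
from datetime import date

# Hypothetical policy thresholds; set these from your own security standard.
POLICY = {"max_signature_age_days": 2, "max_patch_age_days": 30}
# Failures an agent can fix in place; anything else means isolation.
AUTO_FIX = {"av-disabled", "av-signatures-stale", "firewall-off"}

def check(ep, today):
    """Return the list of policy checks this endpoint fails."""
    failures = []
    if not ep["av_installed"]:
        failures.append("av-missing")
    elif not ep["av_running"]:
        failures.append("av-disabled")
    elif (today - ep["av_signatures"]).days > POLICY["max_signature_age_days"]:
        failures.append("av-signatures-stale")
    if not ep["firewall_enabled"]:
        failures.append("firewall-off")
    if (today - ep["last_patched"]).days > POLICY["max_patch_age_days"]:
        failures.append("patches-missing")
    if not ep["disk_encrypted"]:
        failures.append("disk-unencrypted")
    return failures

def decide(ep, today):
    """Map failures to an action: allow, remediate (fix in place) or quarantine."""
    failures = check(ep, today)
    if not failures:
        return "allow", failures
    if set(failures) <= AUTO_FIX:
        return "remediate", failures
    return "quarantine", failures

# Constructed inventory records, as an endpoint agent might report them.
TODAY = date(2024, 6, 1)
FLEET = [
    {"host": "lt-001", "av_installed": True, "av_running": True,
     "av_signatures": date(2024, 5, 31), "firewall_enabled": True,
     "last_patched": date(2024, 5, 20), "disk_encrypted": True},
    {"host": "lt-002", "av_installed": True, "av_running": False,
     "av_signatures": date(2024, 5, 31), "firewall_enabled": False,
     "last_patched": date(2024, 5, 25), "disk_encrypted": True},
    {"host": "pc-003", "av_installed": False, "av_running": False,
     "av_signatures": None, "firewall_enabled": True,
     "last_patched": date(2024, 2, 1), "disk_encrypted": False},
]

def fleet_report(fleet, today):
    """Host name -> (action, failed checks) for every endpoint."""
    return {ep["host"]: decide(ep, today) for ep in fleet}

if __name__ == "__main__":
    for host, (action, why) in fleet_report(FLEET, TODAY).items():
        print(host, action, ", ".join(why) or "compliant")
```

The second record models the configuration drift the paragraph mentions: a user switching off the firewall and anti-virus, which the agent can turn back on without isolating the machine.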

Restricting Storage Devices and Removable Media

Organizational policies need to address the use of removable media and portable devices to ensure data is not lost or stolen, malware is not introduced into the organization's network and systems, and acceptable use policies are properly enforced. Controlling which devices can be connected to an organization's endpoints and for what purposes significantly reduces an organization's risk for data loss. For example, restrict the use of generic USB devices so that data cannot be copied from an endpoint unless it is properly encrypted on the flash disk.

Following and implementing the above points religiously will give 100 per cent security for your valuable data.

(The author is Country Director, Sophos, India)
