End Point Security: How to effectively police your network.

Last updated on 30 Jun 2010 in Emergency Services


For the uninitiated, the only relevance the term end-point security will likely have is that it will represent the end-point on the list of things marked: ‘things I don’t know about or care about’.  For those of us in the know however—amidst a ream of glaringly high profile security breaches across the public sector—end-point security has not so much snuck onto the agenda, but simply smashed the door down, steam-rolled in, and announced itself as yet another security concern of which we all need to be aware.

So what is it exactly?

Well, before we get into the technicalities, the specifications and the requirements, let’s begin with a few startling stats to liven things up.  If I was to ask how many unsolicited USBs, iPods and mobile phones are connected to your fully secure network, your answer may range from ‘I don’t know’, to ‘I don’t care’ to the slightly more acceptable ‘why should I care?’  Funny you should ask. 

When carrying out ‘proof of concept’ audits, we’ve found that in just two weeks, 80 employees transferred over 40GB in data across 5560 separate files. These included 30 illegally ripped films, of which the largest was over 3GB!  In a separate audit we found a total of 18GB transferred in just 2 weeks, which included over 300 MP3 songs, illegally ripped satellite navigation software as well as 1,500+ unencrypted documents.

Clearly this is a problem which needs addressing. However, without an adequate solution, pinning down the source and scale of this type of activity can be almost impossible.  Indeed, to paraphrase Donald Rumsfeld’s finest work, whilst there may be activity on your network that you know you don’t know about, there may also be activity that you didn’t know you didn’t know about, and it is this that can be the most problematic, particularly in light of the growing media interest and accompanying legislation surrounding the protection of sensitive data.

Such is the scale of this type of activity across the public sector, the ‘Data Handling Procedures in UK Government’ issued a report in June 2008 which highlighted the need to restrict access to public sector data and encrypt data held on removable storage media such as CDs, USB keys and laptops. The report has since led to a raft of rigorous product specifications being developed for the procurement of information security products by public sector departments throughout the UK.

You see, as the evidence above demonstrates, endpoints are basically the frontier of your network; the doorway to every file on your server; the hub of all activity in and out of your otherwise secure network.  And for that reason, it is essential that you give them due care and attention.  Just as worrisome is the potential threat from the rise in malware through such unrestricted data transfer.  Since 2007, the number of unique examples of malicious software has risen 500% to a staggering 5.49 million.  These can wreak havoc with internal settings, put confidential files at unnecessary risk, and generally waste valuable resources, time and money.

The challenge of designing a security system rigorous enough to deal with such threats, whilst ensuring everyone has the freedom to work, is becoming an increasingly difficult balancing act.  Here at Equanet, we’re able to draw a line between both freedom and protection, whilst being aware of the importance of both.

So, what can you do about it?

Well, the breadth and depth of your chosen solution can be as technical—and more importantly—as effective as you like.  The technology is available to ensure you can deal with this burgeoning issue in the best way possible.  Of course, you could try the age-old tried and tested ‘ignorance is bliss’ policy.  Unfortunately, you may find out later rather than sooner that this is none too effective and none too blissful.  Alternatively, you could try implementing an overly stringent access policy which seeks to disable every single point of access for every single member of staff, regardless of the freedom, benefits or necessity of these devices.  Once again though, this solution is unlikely to meet your requirements.

Surprisingly, whilst these opposing solutions are neither desirable nor effective, paradoxically, they both offer benefits that we think are worthwhile.  With the former, you will have complete freedom to transfer data and use any device whenever needed.  A good start.  With the latter, you’ll have peace of mind in knowing there will be no security breaches.  Even better.  However, it is only when paired together that we think these benefits are of any use. 

What solutions are available?

With Lumension Device Control, you can enforce organisation-wide usage policies for removable devices and media.  This five-step programme can allow complete end-to-end protection whilst ensuring you have the freedom to work:     

1. Discover - identify all removable devices that are currently or have ever been connected to your endpoints through the use of a “learning” mode that allows you to collect information without disrupting business.

2. Assess - define rules at both default and machine-specific levels for groups and individual users with regards to device access by class, model and/or specific ID and uniquely identify and authorize specific media. These permissions can be linked to the user and user group information stored in Microsoft Active Directory or Novell E-Directory.

3. Implement - enforce device and data usage policies by: file copy limitations (amount per day, time of day) and file type filtering. You can also enforce the encryption of data moved onto removable devices and apply permissions to specific groups of endpoints, ports, devices and users (both on- and off-line), including scheduled / temporary access.

4. Monitor - monitor the effectiveness of device and data usage policies in real time and identify potential security threats by logging all device connections, recording all policy changes and administrator activities and tracking all file transfers by file name and content type. You can even keep a copy of every file that is transferred to or from a removable device using the patented bi-directional shadowing technology.

5. Report - create both standard and customized reports on all device and data activity showing allowed and blocked events, which can be saved into a repository, shared via email, and imported into 3rd party applications. Detailed forensic reports and comprehensive auditing capabilities enable you to demonstrate compliance with internal security policies and external government and industry regulations such as SOX, HIPAA or PCI DSS.

Who is actually using this solution?

As the market-leading end-point protection solution, the response to the Lumension offering has been overwhelming, with widespread usage across the emergency service sector. So far, 18 out of 42 police forces have adopted the solution, the latest of which is the Norfolk Constabulary:

“We decided to deploy Lumension Device Control to enable us to restrict the use of removable storage media such as floppies, CDs, USB sticks, USB printers and digital cameras on 3,000 desktops spread throughout the county. Our default policy had been to deny all USB device usage, however, certain parts of the force needed to be able to connect devices such as cameras. For example, where officers were examining images of traffic offences and accidents, or to load images of people on to the sex offenders register. In the case of the Sex Offenders Register, we also needed to prevent the connection of any other type of device e.g. printer, USB memory stick, CD writer, etc.  Lumension allows us to tightly control USB usage, while enabling necessary USB device use for certain members of the force.”

Peter Herring, Info-Security Risk Assessor/Auditor

Key Features

[Table 3: key features (table image not reproduced)]

The Next Step

We can set up a 30 day trial, with no software charge. This will help you quickly and easily identify potential issues on a zero risk basis.  The trial will give you a complete view of all network activity, including frequency and volume of data transfers, a breakdown of each user’s specific activity, including the number of times a USB stick, iPod or mobile phone was used. The solution can reduce these occurrences and therefore the propensity of the end user to introduce malware to their PC, as well as providing an encrypted, managed platform to allow secure transfer and transport of data.

 
