Archive for the ‘The How-To's of Basic Computer Security’ Category

Small Business Computer Security – Part 2

Monday, August 11th, 2008


In Part 1, we went back to basics and started with the minimum security that every business and home computer should have.  

In this week’s article we’ll look at an equally important minimum for every small to medium sized business: knowledge, understanding and education. 

One of the most important things when approaching computer security is to remember there is no panacea.  Installing some piece of software or hardware does not make security problems go away.  The hardware or software may mitigate risk or help you manage risk, but the risk never actually goes away.  It’s important to remember this, since our tendency is to rely on technology to solve problems. 

Take for example the firewall.  Even with it in place, intruders are still knocking on our electronic door.  The firewall simply prevents them from walking right in.  Even so, the intruder keeps knocking and looking for other ways in.  The danger is that the firewall can make us complacent: what we don’t see or hear doesn’t bother us.  Yet the risk never really goes away. 

A homeowner, even with locked doors and a security system, would still wisely be on guard if they knew an intruder was parked outside their door.  What if the intruder calls his lock-picking friend to attempt to open the locks?  Maybe he knows someone who can disable the alarm system?  Maybe he can even convince the homeowner that he’s not a threat and get let in.  A wise homeowner always remains alert for trouble.  It should be the same for IT security. 

The first step in this process is education (assuming you are already running a good anti-virus program, supplemented with a good anti-malware program and a properly configured firewall).  You need to know the issues, the threats and the risks. 

Here are some great places to get started.  Wade into the reputable security media on the Internet first before plunking down $$$ for classes or educational materials.

  1. Security Focus – a good portal for general computer security news.
  2. ITSecurity – a more issue-driven computer security site.
  3. SANS – a leader in security information publishing, training and certifications.
  4. Microsoft Security Central – Microsoft’s site for keeping you updated.

There are many more, but these will get you started.  If you want more, or more issue-oriented ones, just contact us.  A perfect way to keep on top of issues is to subscribe to these sites’ RSS feeds. 

In Part 3, we’ll define and discuss some of the current issues and terms in more detail.

Small Business Computer Security – Part 1 – Addition

Monday, August 11th, 2008


I received a few emails on Part 1 and was asked why I didn’t include Patch Management as part of my article in Part 1.  Well, the answer is I could have, but I chose not to.  Patch management is definitely important, and it will be defined in Part 3 and discussed in Part 4.

Small Business Computer Security – Part 1

Monday, August 4th, 2008


Most computer users today know why they need anti-virus software.  Many realize they need anti-malware software to help fill the gap where anti-virus does not protect.  Some even know why everyone should have a firewall.  Yet we still receive calls from people who had installed each of these and were still having trouble.  The issue was not installation but proper configuration. 

In this first installment, we’ll talk about the importance of properly configuring your basic security components. 

Before starting, if you haven’t read my article on The Importance of Proactivity, take a moment and see why these three basics need to be in place before you start networking your computers.

Step 1 – Installing and configuring your anti-virus program. 

While each vendor offers different ways to configure their products, there are generally four main areas where you need to decide how they should work. 

  1. Real-time scanning
  2. On demand or scheduled scanning
  3. Exclusions – what you shouldn’t scan
  4. Updates to the database

Real-time scanning is the function your AV product uses to protect you proactively against threats.  It works by intercepting every file read and write and scanning the file against the virus database.  If the file is infected, the AV program alerts and disposes of the file in some way.  When configuring this, remember to set it to scan every file.  People were accustomed to disabling this protection for audio, video and document files to speed things up a bit.  Today these types of files are used to spread malware as well; consider the now infamous Pidief.A virus.  No files are immune. 

On-demand or scheduled scanning is when you tell your AV program to scan your entire hard disk.  I can’t tell you how many people disable this, thinking that because their real-time protection is active they don’t need it.  BIG MISTAKE.  You should scan each PC at least 1X per week, if not more.  The reason is that an unknown virus may infect a PC before the AV program is updated, or while the program’s update module is not working or has been disabled.  

Exclusions are needed for various reasons, mostly to prevent conflicts: files that may be flagged as false positives, or that may conflict in some other way with a vendor’s product.  If a vendor tells you to disable your AV, your first question should be: why?  And the answer should be a good one.  They should be able to explain why and how not having AV protection on a specific file or folder will not compromise your security.  Don’t just take their word for it.  Ask the why and how questions.  (Remember, people either disable or are told to disable AV all the time.  I was on the phone with Comcast the other day and the tech told me to disable my customer’s AV protection and then plug my PC directly into the cable modem to diagnose a problem.  I asked why, and they actually told me the script they are told to read said to ask me to do that.)  Watch out for this.

Your AV program is only as good as its updates.  Your program should be set to update at least 1X per day.  Your program should also have the ability to tell you that it has been updated, either visually or via a date and time stamp.  Most computer infections occur not because people are not using AV but because they have not updated their AV.  Remember to always make sure it’s updated.  If your computers are networked, your AV vendor should have a way of telling you which computers have not been updated.  Pay attention to these reports.
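The four areas above boil down to a checklist you can run against whatever status report your AV console exports.  This is an added example (not code from the article or from any AV vendor): the report fields, the host names and the timestamps are constructed for illustration, and the thresholds are the article’s own (definitions at least 1X per day, a full scan at least 1X per week).

```python
from datetime import datetime, timedelta

# Thresholds from the article: definitions updated at least once a day,
# a full scan at least once a week.
MAX_DEFINITION_AGE = timedelta(days=1)
MAX_SCAN_AGE = timedelta(days=7)

# Constructed sample of what a vendor console might export. The field
# names are an assumption for this example, not any vendor's real format.
SAMPLE_REPORT = [
    {"host": "FRONTDESK", "realtime": True, "last_update": "2008-08-04 06:10",
     "last_full_scan": "2008-08-03 02:00", "exclusions": []},
    {"host": "ACCOUNTING", "realtime": True, "last_update": "2008-07-29 06:10",
     "last_full_scan": "2008-07-20 02:00", "exclusions": ["C:\\QuickBooks"]},
    {"host": "LAPTOP-SALES", "realtime": False, "last_update": "2008-08-04 06:10",
     "last_full_scan": "2008-08-03 02:00", "exclusions": ["*.pdf", "*.mp3"]},
]

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def audit_host(record, now):
    """Return the problems found for one endpoint (empty list if compliant)."""
    problems = []
    if not record["realtime"]:
        problems.append("real-time scanning disabled")
    if now - parse_ts(record["last_update"]) > MAX_DEFINITION_AGE:
        problems.append("definitions older than 1 day")
    if now - parse_ts(record["last_full_scan"]) > MAX_SCAN_AGE:
        problems.append("no full scan in the last 7 days")
    # Every exclusion deserves the "why and how" questions; file-type
    # wildcards are called out because they reopen the media/document vector.
    for pattern in record["exclusions"]:
        if pattern.startswith("*."):
            problems.append(f"file-type exclusion {pattern}")
        else:
            problems.append(f"path exclusion {pattern} (confirm the vendor's reason)")
    return problems

def audit_report(report, now_text):
    """Map host name -> problems for every non-compliant host in the report."""
    now = parse_ts(now_text)
    findings = {}
    for record in report:
        problems = audit_host(record, now)
        if problems:
            findings[record["host"]] = problems
    return findings

if __name__ == "__main__":
    for host, problems in audit_report(SAMPLE_REPORT, "2008-08-04 09:00").items():
        print(host, "->", "; ".join(problems))
```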

The follow-up question to all of this is always: which AV product should I buy?  We’ve used and tested every one.  Who do we like?  We love Norman and Sophos.  Why?  Because of their superior protection, performance and customer support.  The other guys are lagging way behind in these areas.  As for the free ones, I can’t recommend any, but I have successfully used AVAST in the past and I still hear it’s a good product.

The other thing we like to see our customers, large and small, do is to create a layered approach and mix their AV vendors.  What I mean by this is using a network or gateway-based product along with a desktop product, each from a different vendor.  This ensures that the endpoints on your network are not your only line of defense.  The more that can be stopped outside your network, the better.

Step 2 – Install and configure a good anti-malware program.  This is easier said than done.  There are so many bogus anti-malware programs out there that actually infect your computer with malware.  I have found the following ones to be reputable: PCTools Spyware Doctor, Uniblue’s SpyEraser and Lavasoft’s AdAware, and then there is Windows Defender.  I especially like the network-based ones (Cymphonix) that scan everything at the gateway.  They all have their benefits and drawbacks.  Caution: don’t Google “anti-spyware” and install trials or free scans.  You’ll regret it later.  Configure your product to provide whatever proactive protection it can, and then configure it to scan ALL your hard drives at least 1X per week. 

Step 3 – Install and configure a good firewall. 

First off, Windows Firewall is not good enough.  It’s a good second layer of protection, but it in no way eliminates the need for a good firewall.  Secondly, get a good firewall.  Don’t buy $50 specials on the clearance racks.  The cost of preventing one incident in the life of a company pays for the initial cost of a good firewall many times over.  Figure $500 as a good starting point.  Third, when it comes to configuration, let an expert do this for you.  Ask the vendor who is authorized to work on their units.  Fourth, make sure you turn on the firewall’s log.  Tell the person who is installing and configuring it that you want logging turned on.  Don’t settle for NO.  We’ll cover logging in more detail later.  For now, however, know that logging gives you a history of what happened on your firewall over a period of time.  Without it you have no evidence of activity or changes.  Finally, use a service or tool to test your firewall’s settings.  Nmap is a good open-source tool for this purpose.  But again, don’t try to do it yourself; let an expert do it.
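To show what “evidence of activity or changes” looks like once logging is on, here is an added example (not from the article or from any firewall vendor) that reviews a day of constructed firewall log lines: it groups denied connections by source so the persistent “knocking” stands out, and lists rule changes so they can be matched against approved work.  The line format and the addresses are assumptions made up for this example.

```python
import re
from collections import defaultdict

# Constructed log format for this example (an assumption, not any vendor's
# real format): "<date> <time> <ALLOW|DENY> <TCP|UDP> <src>:<sport> -> <dst>:<dport>"
# and "<date> <time> CONFIG <message>" for rule changes.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")
CONFIG_LINE = re.compile(r"^(?P<ts>\S+ \S+) CONFIG (?P<msg>.+)$")

# Constructed sample: one source tries four different ports in a few seconds,
# one stray UDP packet, one normal allowed session, and one rule change.
SAMPLE_LOG = """\
2008-08-04 03:12:07 DENY TCP 203.0.113.45:51234 -> 198.51.100.10:3389
2008-08-04 03:12:09 DENY TCP 203.0.113.45:51235 -> 198.51.100.10:445
2008-08-04 03:12:11 DENY TCP 203.0.113.45:51236 -> 198.51.100.10:1433
2008-08-04 03:12:13 DENY TCP 203.0.113.45:51237 -> 198.51.100.10:23
2008-08-04 08:01:44 ALLOW TCP 198.51.100.22:40211 -> 192.0.2.8:443
2008-08-04 09:30:02 DENY UDP 203.0.113.9:1900 -> 198.51.100.10:1900
2008-08-04 17:45:10 CONFIG rule 14 changed by admin: allow TCP any -> 198.51.100.10:3389
""".splitlines()

def summarize(lines):
    """Group denied connections by source address and collect config changes."""
    denies = defaultdict(lambda: {"count": 0, "ports": set()})
    changes = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            if m["action"] == "DENY":
                entry = denies[m["src"]]
                entry["count"] += 1
                entry["ports"].add(int(m["dport"]))
            continue
        c = CONFIG_LINE.match(line)
        if c:
            changes.append((c["ts"], c["msg"]))
    return denies, changes

def find_probing_sources(lines, min_ports=3):
    """Sources denied on at least min_ports distinct ports: the 'knocking' worth a look."""
    denies, _ = summarize(lines)
    return sorted(src for src, e in denies.items() if len(e["ports"]) >= min_ports)

if __name__ == "__main__":
    denies, changes = summarize(SAMPLE_LOG)
    for src in find_probing_sources(SAMPLE_LOG):
        print(f"{src}: {denies[src]['count']} denies on ports {sorted(denies[src]['ports'])}")
    for ts, msg in changes:
        print(f"{ts} rule change: {msg}")
```

The rule-change list is the part to compare against your change records; a rule that opened a port nobody asked for is exactly the “change” the log exists to prove.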

What firewalls do we recommend?  Over the years, we’ve sold several, but the two brands that we like best are Astaro and Cyberoam.  They both provide excellent protection, will grow with your company, and their customer service is excellent.  They are also full Unified Threat Management platforms, meaning they can be used as a firewall but can also perform email and web filtering along with intrusion prevention, and act as a VPN for remote access.  Units like these provide greater value over time than typical entry-level devices.  They are especially suited to small business due to their intuitive interface, rich set of standard features and great price.

So there we’ve completed 3 key steps to getting you on your way to a more secure computer network.  In Part 2 of this series we’ll address the next phase of computer security: education and knowledge.