Five Cheap But Effective Tips To Improve Security

Today’s datacenter needs to use resources efficiently to flexibly adapt to changing business requirements. Check back for updates on how to get the best performance from your IT infrastructure at the best total cost of ownership.

Savvy companies look at IT infrastructure as a strategic enabler of business initiatives, not as a cost center. Check out this specialized content to see how business needs can drive the data center.

With business requirements evolving so quickly, find out how your enterprise can ensure the longevity of its IT investment and deploy technology today to meet tomorrow's needs.

Five Cheap But Effective Tips To Improve Security
Periodically checking for rogue wireless access points, along with four other simple, yet inexpensive, improvements you can implement, will help boost the security of your enterprise.

By Sharon Gaudin
Optimize
April 2007

While a lot of security technologies come with impressive price tags, there are some fairly inexpensive things you can do to make your enterprise more secure.

We picked the brains of a handful of security experts and got their ideas for the five cheapest security changes that would have the most impact. We skipped the obvious choices, like creating more complicated passwords and not leaving the door to the building or the server room open. The experts gave us suggestions that ranged from using digital signatures on all sent e-mail, to what to not allow into the system, and what might be hidden in the office.

"There are things you can do to secure your network without it taking a hit on your budget," said Brian Dykstra, a senior partner with Jones, Rose, Dykstra & Associates, a computer security and training company. "One of the biggest mistakes people make is to think they can't afford to make any changes so they bury their heads in the sand. That almost always leads to a bad situation."

Here are five suggestions:

Periodically check for rogue wireless access points in corporate buildings.
The problem here is that some companies don't have wireless access or they have restricted access, and some users will think they can sneak their own wireless access points in to make their lives a little easier. Maybe they want wireless from a conference room or from their desk. They set it up without IT's knowledge, or guidance, and they often leave it unsecured.

That means a hacker who is targeting the company now has an open door into the network. "There's always rogue access," said Dykstra. "It's under the desk, or stuck behind a desk drawer. In any kind of large environment you go into, you'll find a couple of them. The IT managers will always say, 'Oh no, no. Not us.' And then you find the Linksys access setup."
Enable Windows Update on all computers..
However, be sure to remember to verify that the systems actually are being patched, said Ken van Wyk, principal consultant with KRvW Associates.

It's an easy step that will ensure that systems are patched as soon as possible, but Dykstra said it's "stunningly amazing" how many companies don't take advantage of it. "Whenever I'm teaching, people stop me and ask what they should do on their own computer to improve their security," he added. "I tell them to enable Windows Update. Let it automatically accept all [the patches] all the time. Your average non-IT person isn't going to make a smart choice about what patches they need."

Another thing to keep in mind, though, is that not every computer will accept the patch update. Some glitch is going to shut down the update process before it's done and if the IT manager doesn't verify that it's gone through, an unpatched computer could put the whole network at risk.

"Sometimes you'll go back and find out that there's a machine that always denies a patch," said Dykstra. "And here you thought you didn't have to think about this process, but this machine was actually never being updated. That's fairly common in a big environment."

Don't allow html e-mail through.
E-mail that uses html to enrich the images, the background, or the text opens the door for security problems, according to Rohyt Belani, managing partner with Intrepidus Group, a security consulting company.

Phishers are relying more and more on html e-mails, which also are known as e-mail with active content. Belani explained that html enables spammers or hackers to disguise their attacks by allowing them to mask the URL address to which the hyperlink points. The link may read www.yourbank.com, but it actually might point to a Russian hacking site. That helps the hacker con unsuspecting people into clicking on the link, which most likely will take them to a malicious site where their machine is infected with malware.

"You would not know this unless you viewed the source of the html e-mail, which non-IT-savvy won't know to do," said Belani, who noted that it's a simple step to block html e-mail at the gateway, just like many companies do with executable attachments.

Belani also said few companies need html e-mails. "E-mail may not look as pretty," he said jokingly. "It enriches the text, but also hackers' abilities."
Training, whether for users or the IT staff, will pay off in the long run.
Most of the security experts contacted recommended training. Yes, there's a cost involved but they either said there are ways to make it less expensive, like doing it in-house, or that in the long run the investment will more than pay for itself.

"That's my number one thing," said Dykstra. "No matter what you do, there's nothing cheaper than training up your personnel. You could even do it in-house if you have somebody who is willing to put this together. If I train somebody in what to be prepared for, or how to prepare for an incident that's going to happen, that one effort will have a long-term payoff. If I buy some box and put it on my network, I'm not sure I'm going to get the same level of continuous payoff. Making people smarter is always a smart move."

Dykstra also said that he would focus on giving his IT staff security training before he would move on to the users. He noted that many techies aren't given any, or enough, security training in college and it's often cheaper to train them because it's a smaller group than the company's mass of users.

"If they have a few classes on patch management, or security incident response, or how to secure users then you have this smart IT base and they're going to make better decisions," he added. "They need this kind of training."
Consider using Mozilla Foundation's Thunderbird and Firefox as possible alternatives to Outlook and Internet Explorer.
Since Microsoft's applications heavily dominate the market, they're the main target for hackers and virus writers. It's not an issue of bugs. Mozilla's Firefox actually had nearly twice as many reported vulnerabilities as Internet Explorer in a recent six-month span, according to Symantec's Internet Security Threat Report. The issue is that hackers simply are targeting Microsoft's software and basically leaving Firefox and Thunderbird alone.

"Attackers are writing their malware to market share," said Ken van Wyk, principal consultant with KRvW Associates. "That is, they're targeting the big guys the most — IE and Outlook. Switching to anything else will improve your security, not because those things are more secure, but because those other products aren't what the attackers are going after, by and large."

Keep in mind, though, that if enough people were to take van Wyk's advice, everything would change. "Of course," he added, "if the world changes to Firefox and Thunderbird, the attackers will go there, as well."

	Mannington Mills scales with Dell and SAP

	Tellabs pushes virtualization with Dell PowerEdge servers

	Acuity streamlines with Dell virtualized servers and storage

	Edmunds.com chooses Dell to support exponential growth

VMware: New King Of The Data Center?
InformationWeek
October 13, 2007

VMware Upgrades ESX Hypervisor, Management Tools
InformationWeek
October 8, 2007

Rising Energy Costs Mean Revamped Data Centers, says Gartner
InformationWeek
October 3, 2007

IT Survival Guide: With Virtual Machines, Management Is Key
InformationWeek
September 29, 2007

Intel, VMware Partner in Virtual Machine Migration
InformationWeek
September 28, 2007




	CASE STUDY: Mazda North America Zoom-Zooms with Virtualization Read more » WHITE PAPER: Performance and Energy Advantages of Dell Energy Smart Servers and Liebert Cooling Systems Read more » SERVER CONSOLIDATION CALCULATOR: Estimate the benefits of consolidation Read more » POWER SOLUTIONS WHITE PAPER: Virtualization Enters the Mainstream Read more » POWER SOLUTIONS ARTICLE: Achieving Balance-Sheet Business Value with Virtualized Server Solutions Read more » POWER SOLUTIONS ARTICLE: Deploying iSCSI Storage with VMware Infrastructure 3 Read more » POWER SOLUTIONS FEATURE: Optimizing iSCSI SANs with Intel PRO Server Adapters and iSCSI Remote Boot Read more » POWER SOLUTIONS ARTICLE: Virtualization Management Using Microsoft System Center and Dell OpenManage Read more » WHITE PAPER: Consolidating the Smaller Data Center Read more » WHITE PAPER: Proactive Maintenance and Power Management with Dell OpenManage and VMware Virtualization Read more » VLOG: Dell's DCS team helps with power, thermal and density challenges of scaling out Read more » CASE STUDY: In Search Mode - Dell and Google Read more »