Thursday, 30 April 2009

The unsecure end point

I have said it before and I will say it again: many times the end point is the biggest security challenge. Why? Because it is very hard to know everything (or check anything) that runs on PCs that users treat as something personal. Users want to download and store things on their PCs, and sometimes the PCs do not even belong to the company or the organisation. Users access corporate data from a cafe PC or their home PC. Will this trend change? Not likely, as the line between our working life and our private life becomes more and more blurred. We live a part of our lives in cyberspace, and companies need to accept that company infrastructure (and security policies) must support that.
There are a couple of simple tricks to avoid the worst problems (apart from good antivirus systems and updated applications):
1. Make sure that split tunnelling is prevented.
2. Use 2-factor authentication.
3. Give users access on a need-to-know basis, to limit the damage if security is breached.
4. If the PC is really unknown, give the users a USB stick with a separate OS on it to use when they connect.
Now you probably ask where NAC fits into this model. It does fit, but do not rely on it as the only thing you need, and next time you buy an access system, make sure that end point security is a part of the product.
