Tip of the moment: Do not set up Site to Site VPNs with unrestricted access. Your partners may
need to access certain internal objects, but that doesn't mean you should permit
them access to your entire network. Have access rules for your VPNs that follow
the least privilege priniciple.
n00b notes
Written by: Matt Yonchak
From Eye of the Storm - July 2008
Every month you read this newsletter and hopefully learn something new or interesting about securing your network. But what about physical security? We all know about the badge that gets you in the building and the cameras that can see your computer screen while you’re streaming usopen.com to see Tiger win again. I’m talking about the data that walks out the door every night and you only hope will return the next morning...laptops.
Everyday we as network/security administrators trust our users to leave the building with login credentials, customer data, or personnel information. I find it amazing considering we barely trust our user population to put a URL into a browser window. How often do these laptops sit in the car overnight or sit unlocked at Starbucks while John Q. User goes to the restroom? What I find even more amazing is that we LET THEM do this. It’s not that we don’t try to keep them from doing these things; but we know it’s going to happen and we still let them walk out the door every night. My suggestion, flying tackle them as soon as they hit the front door and wrestle the laptop bag out of their arms...j/k. Something does need to be done though.
The most obvious answer is disk encryption. There are enough encryption products out there that something will work well for you and your situation. I’m sure there will be the normal hassle from the budget people or maybe you’ll be forced to convince the Bobs that this is necessary. Have them consider the implications if your data falls into the wrong hands, and don’t think that there isn’t someone out there who wants it. Trust me, there is.
In addition to encryption, you should beat it into the heads of your users that taking care of these laptops is essential. Don’t leave them in your car. Don’t leave the screen unlocked and walk out of sight. Use a laptop lock always. These are common sense things that never get done.
If you have questions about encryption, google it or call us. We’re all more than willing to help you keep your network secure. The downfalls of not having encryption far outweigh the work/money that it takes to implement it. We are far too reliant on the people who take these laptops home to secure them. In the end, it is not the job of the person who takes the laptop home to secure the data on it (it is their responsibility to keep them safe though). It’s your job to keep them secure.
