Best practices advice for securing agency information
Symantec just issued new guidelines designed to help organizations better secure IT operations. Boiled down, the key advice includes:
1. Employ defense-in-depth -- Emphasize multiple, overlapping, and mutually supportive defensive systems, including deploying updated firewalls, gateway antivirus, intrusion detection, intrusion protection systems, and Web security gateway solutions.
2. Monitor for threats -- Watch for network intrusions, propagation attempts and suspicious traffic patterns. Identify attempted connections to known malicious or suspicious hosts. Receive alerts for new vulnerabilities for proactive remediation. Track brand abuse through domain alerting and fictitious site reporting.
3. Antivirus on endpoints is not enough -- Signature-based antivirus won't protect against today's Web attacks. Deploy a comprehensive endpoint security solution with endpoint intrusion prevention and browser protection against obfuscated Web-based attacks. Consider cloud-based malware prevention, and file and Web-based reputation solutions that provide a risk-and-reputation rating of any application and Web site, to prevent rapidly mutating and polymorphic malware.
4. Use encryption to protect sensitive data.
5. Use Data Loss Prevention to help prevent data breaches -- Implement a DLP solution to discover sensitive data, monitor its use and protect it from loss. Data loss prevention should be implemented to monitor the flow of data as it leaves the organization and monitor copying sensitive data to external devices or Web sites. DLP can identify and block suspicious copying or downloading of sensitive data.
6. Implement a removable media policy -- Where practical, restrict unauthorized devices such as external portable hard-drives and other removable media. Such devices can introduce malware and facilitate intellectual property breaches. If external media devices are permitted, automatically scan them for viruses upon connection to the network and use a DLP solution to monitor and restrict copying confidential data to unencrypted external storage devices.
7. Update security countermeasures frequently and rapidly -- Organizations should update antivirus and intrusion prevention definitions at least daily.
8. Update, patch and migrate -- Aggressively update, patch and migrate from outdated and insecure browsers, applications and browser plug-ins to the latest available versions using automatic update mechanisms. Wherever possible, automate patch deployments to maintain protection against vulnerabilities across the organization.
9. Enforce an effective password policy -- Ensure passwords are at least eight to 10 characters long and include a mixture of letters and numbers. Encourage users to avoid re-using the same passwords on multiple Web sites, and sharing passwords with others. Passwords should be changed at least every 90 days. Avoid writing down passwords.
10. Restrict e-mail attachments -- Configure mail servers to block or remove e-mail that contains file attachments that are commonly used to spread viruses, such as .VBS, .BAT, .EXE, .PIF, and .SCR files. Organizations should investigate policies for .PDFs that are included as e-mail attachments.
11. Ensure proper infection and incident response procedures are in place -- Keep security vendor contact information, know whom to call, and know what steps to take if one or more systems are infected.
12. Educate users about new threats -- Don't open attachments unless they are expected and from a trusted source, and don't execute software downloaded from the Internet unless the download has been scanned for viruses. Be cautious when clicking on URLs in e-mails or social media programs. Deploy Web browser URL reputation plug-in solutions that display the reputation of websites in search results.
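A worked check for item 10, added here as an example and not taken from the Symantec report or this article: it parses a message with Python's standard email package and reports every attachment whose final extension is on the block list, after normalizing case and the trailing dots and spaces that Windows ignores when opening a file. The BLOCKED set and the sample message are constructed for the example.

```python
"""Attachment policy check (added example, not from the Symantec report)."""
import email
from email import policy
from email.message import EmailMessage
from typing import List, Optional, Tuple

# Extensions named in item 10 above; a real deployment would extend this list.
BLOCKED = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def blocked_extension(filename: str) -> Optional[str]:
    """Return the blocked extension of filename, or None if it is allowed."""
    # Lower-case, then drop trailing dots/spaces: Windows opens "setup.exe."
    # and "setup.exe " as setup.exe, so they must be judged the same way.
    name = filename.strip().lower().rstrip(". ")
    if "." not in name:
        return None
    ext = "." + name.rsplit(".", 1)[1]  # last extension wins: invoice.pdf.exe -> .exe
    return ext if ext in BLOCKED else None


def find_blocked_attachments(raw_message: bytes) -> List[Tuple[str, str]]:
    """Return (filename, extension) for each attachment that violates the policy."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()  # None for body parts without a name
        if not filename:
            continue
        ext = blocked_extension(filename)
        if ext:
            hits.append((filename, ext))
    return hits


def build_sample_message() -> bytes:
    """Constructed sample: a benign PDF, a double-extension executable, a screensaver."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Q3 report"
    msg.set_content("Please see the attached files.")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ placeholder", maintype="application", subtype="octet-stream", filename="Invoice.pdf.EXE")
    msg.add_attachment(b"MZ placeholder", maintype="application", subtype="octet-stream", filename="holiday.SCR")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, ext in find_blocked_attachments(build_sample_message()):
        print(f"blocked attachment {name!r} ({ext})")
```

A mail gateway would reject or strip the flagged parts; the report also suggests deciding a separate policy for .PDF attachments, which this check deliberately leaves allowed.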
Source: Symantec. The full July 2011 report is available at: SYMCINT_2011_07_July_FINAL-EN.pdf