Mention security these days and the response you will probably get is things take longer (getting through an airport for example). Everyone hates it but like it or not it has become part of our daily lives. But how secure can you actually make something?
This is the question I was asked by a client last week. We were talking about possible upgrades to their network along with checking the measures they already had in place. I did the usual – check password strength, permissions on the server, antivirus, firewalls etc and as is the norm they wanted security but not the hassle it brings. “We need things to just work and not worry about these security things” to which I replied “You can have security or connivence but rarely can you have both”.
Lets start with good practice. Don’t use easy passwords and don’t write them on posit notes stuck to the PC either!!!! Use one vendor for antivirus on all the systems as this allows easier troubleshooting if something happens. I did read an article yesterday suggesting you use two as any holes found in one product is unlikely to be in the second. I can understand this logic to a point but this makes troubleshooting a lot more difficult. I try to explain to clients they are better to standardise their software across all their PC’s for this reason. Finally only give users the permission they need not what they want.
Now onto Firewalls. A good firewall will stop attackers getting onto your network in the first place (or at the very least telling you someone is trying) and there are endless vendors like SonicWall or Cisco who supply excellent products. The problem is the cost, or more accurately the perception of cost. Most of the clients I deal with are small home businesses who can’t justify the cost of installing a third party firewall and instead rely on the BT Home HuB (or similar). These type of routers contain a basic firewall which is robust for the most part (you can configure ssh access for example) but don’t have the feature set of the more expensive models from the likes of Cisco.
The biggest problem with security though is us. Humans are well known for always being the weakest link in IT. If we see security as getting in the way then we get annoyed and turn it off. My antivirus is slowing down emails coming in – turn it off. You want me to remember how many passwords – don’t think so!! You get the picture!!
So back to the the original question – how secure is secure? The answer is nothing is ever gong to be 100% secure (especially with humans involved) but we can get close. The problem is where do you draw the line with regards to security affecting users ability to do their job? Too much security and nothing gets done while too little and you will get serious issues.
I will leave answering that question upto you.
About the Author
Follow @Comtech247 on Twitter