Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Give me a patch and you protect me for a day - Teach me security ....

The Security Awareness Blogspot provides an excellent resource that can help teach users best practices and the principles of safe computing. 

http://www.securityawareness.blogspot.com/

To me, security awareness training is just as important as automated protection safeguards in an organization's security program.  As an example, how will users react to a new virus attack where the AV vendors don't have signatures out, yet they have infected email attachments to process in their in-boxes?   

If you make security awareness informative and fun, and provide value to users that helps protect them at home, they will adopt best practices in the workplace.  The Intranet is a great resource for publishing security policies, best practices, and educating users in security awareness.  I've seen night and day differences at our company as users have learned to question suspicious email and follow best practices. 

To borrow from CARE's great theme, you can sum up security awareness in this manner.  "Give me a patch and you protect me for a day -- but teach me security and you help protect me for a lifetime". 

Best Practices in Security Protection

http://www.geoapps.com/harry_waldron_best_practices.htm
http://www.cert.org/homeusers/HomeComputerSecurity/
http://www.cert.org/tech_tips/home_networks.html
http://www.learnthenet.com/english/section/protect.html
http://www.jmu.edu/computing/runsafe/

Comments

Harry Waldron said:

"...how will users react to a new virus attack where the AV vendors don't have signatures out, yet they have infected email attachments to process in their in-boxes?"

Having gone through just such an event, it's not only important to have security awareness training for users, but it's also important to have suitable training for administrators, as well. During the incident I was involved in, I spent my time and energy organizing several sysadmins to assist in containment and eradication procedures, while one admin got on the phone with our A/V vendor. While he was on hold, he decided to do his own "analysis". Since then, I have seen others (CERT members, admins, etc.) attempt to do the same sort of thing...and it's a mess. Too often, they spend no time thinking about such things ahead of time, and when they get into a situation in which they feel the need to do *something*, they invariably end up missing some really simple steps along the way. This is seen time and time again in the public lists.

On an aside, the issue of interconnectivity applies to users, as well (bear with me here...). Just as networks are becoming more and more interconnected, one also has to keep in mind that policies and awareness are, too. For example, a company I worked for got hit by an email-borne worm. Users were instructed (a) not to open email if they don't know the sender, and (b) if they do know the sender, but the attachment doesn't look quite kosher, not to open it. Well, one of our customer's marketeers had a habit of sending jokes and animated files (animated GIFs, Flash movies, etc.) to people he knew, so when the email arrived, the marketing folks who received it immediately double-clicked on the attachment. While we were trying to reiterate and enforce our policies and awareness, we had a customer who wasn't quite on board with that sort of thing.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
# November 30, 2004 9:39 AM