1. All laptops and desktops should be running Windows 7. Windows XP will not be supported after May 2014. Also, they should be running some type of Anti-Virus software and laptops should be encrypted in case of the laptop being stolen. (Dell, 2011)
2. Patching the servers, desktops and laptops often. Most software applications have updates to their software for security updates. Microsoft sends out patches every second Tuesday of the month and should be tested on all platforms before sending out to the end users. Antivirus, local firewall and similar applications work to bar exploits and infections. Biometric and two-factor access security help prevent exposure of data. And file-based encryption keeps key information safe, even if it leaves the enterprise net and gets copied to portable media. (Dell, 2011)
3. Hardening servers, desktops, laptops and mobile devices through their configuration by turning off unused services. Constraining remote access and other convenience features; setting administrator and user identities; defining execution policy for required applications. …show more content…
Configuration management software keeps track of device, OS, application, and interrogates and applies appropriate configurations over the network, and can often be used to remotely commandeer stolen or otherwise exposed devices. (Dell, 2011)
4.
Virtualize the browser so that the end users surf from the inside. Letting users manage their own browser can lead to trouble because they can download toolbars, plugins, etc. Which can have malware attached or leave them open to an attack. and to turning on features like password caching, forms-filling and history that can make a stolen PC a gateway to enterprise applications, mail and data. The answer to this is; now supported by some security-oriented edge network devices -- can be to supply users with a virtualized instance of a filtered standard browser. This strategy offers users a high level of assurance against commonplace attacks, and prevents even successful attacks from executing code, rooting the OS, or reaching and compromising the local file system or other vulnerable targets. (Dell,
2011)
5. Securing the perimeter by using Unified Threat Management systems consolidate security and edge network functions, blending gateway switching and routing with firewall, VPN, content-aware web filtering, antivirus, anti-spam and data-loss prevention (DLP). The pre-integrated result can be simpler to manage, and UTM devices can also be key enablers in helping you outsource security monitoring and network management to dedicated professionals. (Dell, 2011)
6. Areas of focus are below
IT Area of Focus Areas of Concern Relevant Toolkits
Endpoints • OS level
• Patch history Configuration hardening Desktop access Application access Install/Use policy
• File access
• File storage
• VPN authentication Browsing
• Backups • OS update appliance Patch/configuration appliance
• Patch/comfit appliance Embedded biometrics Remote policy mgmt. Endpoint encryption
• UTM manager
• Secure browser
• Secure email
• Incremental backup
Network Edge • Patch history
• Configuration hardening
• VPN
• Firewall
• Stateful inspection
• Data-loss prevention
• Log archiving/backup • UTM manager
• Optional off-site management
Email • OS level
• Patch history
• Configuration hardening
• Stateful inspection
• Whitelists/Blacklists
• Boundary encryption
• Backups and archiving • Secure Email cluster appliance management
• Archive management
Endpoint Data Encryption • OS level
• Patch history Configuration hardening
• Resilient computing
• Stateful inspection
• DB encryption
• Backups and archiving • Automated infrastructure management
• Patch/configuration appliance
• Backup management
(Dell, 2011) • •
7. Securing email. Email is a classic attack vector for introducing malware, phishing, and other attacks. It’s also the mainstay of compliance, auditing, and proving due-diligence under any regulatory regime. So email integrity is essential in managing all forms of business risk. For this reason, it makes sense, even within the context of an otherwise-comprehensive layered security plan, to treat email as a special case and give it another layer of protection. The good news is that top-rated email security systems are improving radically, offering malware and spam protection, boundary encryption to protect partner communications, sophisticated administration controls, and end user-empowering features such as the ability to define and manage whitelists and tune spam settings within policy guidelines. (Dell, 2011)
8. There is no substitute for human intelligence where security of your data is concerned, you should always have end users attend training and let them know your policies and have them sign end user agreements to cover the company legally. (Dell, 2011)
References
Dell. (2011). 10 ways to implement multi-layered security. Retrieved from http://en.community.dell.com/dell-groups/small-business/b/smb/archive/2011/11/16/10-ways-to-implement-multi-layered-security.aspx