| Tech Talk |
Practical Tactics for Protecting Your Road-Warriors
Many vendors focus on protecting enterprise environments by blocking attackers from entering. Network IPS, web filtering, and network separation tools such as VLANs all offer some sort of protection for enterprise networks. However, with the growing trend towards a mobile workforce, these technologies are rendered useless for laptops that are taken off the network. The first response to this issue from today’s network-based vendors is network-jailing systems (see: VERSA Archive). However, these systems are aimed only at protecting the enterprise network, not the user's laptop. So, what practical approaches should a security team take to ensure that laptop users are consistently protected when away from the enterprise network, and that the enterprise network stays secure when those laptops are reconnected?
Host-Based Anti-Virus
Perhaps the most obvious security measure for laptops is anti-virus / anti-malware technology. The technology chosen should have positive scores in lab tests (i.e. VB100), as well as strong generic protection mechanisms for unknown malware that may not have a signature available yet. This becomes especially important for organizations where front-facing employees (executives, recruiters, sales) use their laptops outside of the network and might be targeted by specially designed, unknown malware from a malicious attacker.
Host-Based IPS
The second most obvious protection mechanism guards against network and client-side attacks. A strong vendor should not only protect the critical Microsoft applications (Internet Explorer, LSASS, etc.), but should also protect against unknown vulnerabilities in lesser-used applications such as file-format media applications. This protection should be offered through both signature-based and generic mechanisms at both the network and the client levels, offering robust security to users of insecure networks who might be browsing potentially malicious web pages.
Vulnerability Assessment
Although unknown vulnerabilities must be covered by a generic host-based IPS, the majority of attacks target known vulnerabilities, sometimes ones that might not have an available patch (http://research.eeye.com/html/alerts/zeroday/index.html). For these vulnerabilities, patches or custom mitigations should be rolled out to client machines. Unfortunately, scanning these machines when they’re “away from home” will prove impossible because their location will likely be unknown. Therefore, by using a host-based vulnerability assessment tool, the potentially vulnerable laptop can report vulnerabilities back to a centralized monitoring server so that administrators can understand the security posture of that remote user. This is critical for administrators to understand how their entire network is postured against attack, since these machines will likely be reconnected to the internal network.
In the end, there is no silver bullet that perfectly protects hosts both inside and outside of a network. However, employing mechanisms such as those described above will thwart the most common exploit attempts by attackers.
Source: Andre Derek Protas, Director of Research and Preview Services |
| News & Articles |
The following articles represent the opinions of their respective authors. They do not necessarily represent the opinions of eEye Digital Security.
eEye to Add Retina Web App Scanner: "New software is rebranded version of NT Objectives's NTOSpider"
Blink Professional Edition 3.5: "Blink Professional Edition 3.5 seeks to speed security evaluations and protect workstations by offering vulnerability assessment, intrusion prevention, virus and spyware protection, and data loss prevention—a tough assignment, but the software rises to the challenge."
Vista at one year: Progress and Pain: "Windows upgrade fuels revenue and frustrations"
View All Media Coverage: "eEye and its security solutions have been covered by numerous press and media associations." |
| Reader Q&A |
Q: We've implemented hard-drive encryption on our laptops, are we protected?
A: HD encryption does protect laptop data from being stolen when in a powered-off state. However, most laptop thefts are launched because of the monetary value of the hardware and not so much the data stored on them. If attackers want the data on your laptop, they will try to get it via some sort of electronic means while you are logged into it. This way, the encryption has already been bypassed as your user account has direct access to the data. Attackers hate to launch physical attacks, as that takes the anonymity out of their tactics. Therefore, the best methods of protection are still those listed above in the Tech Talk.
By the way - thank you for the question; this question was the inspiration of the Tech Talk article. A few eEye t-shirts are being delivered to you.
Have a question you would like answered? Send it to versa@eEye.com, and win an eEye t-shirt if we select your question for an upcoming newsletter. |
| Announcements |
eEye Unveils Retina Web Security Scanner: Partners with NTO on Integrated Threat Management Suite
eEye Security Solutions Used by Over Half of the Fortune 100: More than 50 of the Fortune 100 Use eEye Digital Security Products & Solutions
eEye’s Blink Protects Against Phishing Schemes: Blink antivirus software product protects end users and networks from malware threats associated with phishing schemes and email spoofing.
View All Articles and Announcements: eEye and its security solutions set have introduced a number of newsworthy security advisories and security technology deliveries that have been covered by the press. Select any of the links below to view more details regarding our most recent articles and announcements. |
| Etcetera |
Stay Up-to-Date with eEye Research
eEye Research has seen some staggering results from the recent influx of Blink Personal/Neighborhood Watch users. This data gives eEye Research distinct insight into host-based vulnerability and attack trends, which helps build enhanced protection into Blink. Keep an eye on the eEye Research Portal (http://research.eeye.com/) for future projects that have arisen because of the mass use of Blink Personal, including Neighborhood Watch reports and attack trends.
Vulnerability Expert Forums
The monthly Vulnerability Expert Forum focuses on recently announced critical vulnerabilities from Microsoft and other software vendors. eEye's Internet security experts will describe the actions necessary to protect your systems from the threats that target these vulnerabilities. |