If this scenario seems highly unlikely, think again. It has been performed by Steve Stasiukonis, vice president and founder of Secure Network Technologies in a network security assessment requested by a credit union.
How to prevent Joe from doing it?
Every network administrator has the option to limit the freedom of the workstation users by disabling certain Windows features using a registry editor. Completing the job takes several hours on one computer and a lot of technical know-how. Not to mention the fact that if something goes wrong, the whole registry might get corrupted which results in a reinstallation of the whole system. This, however, still doesn't restrict the user to open websites or attachments.
An easier and more time-efficient solution is business solutions that are comprised of several applications designed for any network architecture offering a multi-layered security infrastructure. All of them managed by a centralised server in order to save time and effort.
1. Mail servers
Any large network probably has a mail server. It is best to filter out all the spam before it gets to the workstations to reduce mail traffic and save network resources.
Second of all, the main gateway should filter malicious HTTP and FTP traffic, offering proactive protections against zero-day threats, a white-list filter and browser comforting among other useful features needed to offer a secure Web experience.
3. File Servers
File servers are products that cover any business' need for a file sharing server. Be it Windows or Unix- based, the applications integrate perfectly with the infrastructure and offer optimised, multi-threaded scanning for faster file access.
The workstation protection is increased by security solutions bundling an anti-virus, anti-spyware, anti-phishing, firewall, user and privacy control, backup and an hourly update system together, integrating them to work flawlessly on a various range of Windows systems. Policy-based management, automatic detection and deployment as well as integration with Active Directory make the life of network administrators easy and reduces costs of network management.
All suites mentioned above can be managed from a separate Management Server improving security compliance and efficiency.
Vlad Valceanu is the head of Antispam Research at BitDefender. With experience in anti-spam research for more than six years, Vlads main focus is to keep BitDefenders technologies up-to-date, and to maintain a leadership position in the Internet security industry.
Sign up for Computerworld eNewsletters.