It seems like every day there is a new data breach or heist. Hackers break into corporate or government computers and swipe names, addresses, birth dates and those all-important US Social Security numbers. Consider these recent breaches:
- Hackers hit the jackpot when they cracked the network at the US government’s Office of Personnel Management and accessed Social Security numbers, dates of birth and other personal information of more than 4 million federal workers.
- Unidentified Russian hackers broke into an unclassified email system used by the US Joint Chiefs of Staff.
- Gang members are using social media like many others do. In addition to the standard uses for social media, they post threats on social media that include a rival’s street—a practice known as online tagging. Posts and videos threatening rivals and others may accompany online postings.
- In early February 2015, Anthem (one of the US’ largest health insurers) revealed that hackers had breached a database containing the personal information of 80 million customers and employees.
My recent Journal article focuses on Windows computers with an emphasis on all nonserver Windows computers. This includes Windows end-user devices, such as workstations, desktops, laptops, hybrids and tablets. Workstations are just as important to the security of an organization as servers. Of course, an insecure workstation only directly impacts one user (in most cases), while a server can impact thousands. But all of the biggest breaches in recent times have started with a compromised workstation, not a server. Even though servers and workstations run essentially the same Windows operating system, securing workstations is very different than servers.
The key differences that impact security include:
- Lack of physical security for workstations in general and the mobility of laptops and tablets.
- The usage of workstations (e.g., viewing videos) is different compared to the unattended background services dominant on servers.
- Workstations have much more interaction with untrusted web sites and parsing of Internet content.
- Workstations are used by less security-conscious and less technical end users.
Hardening servers is primarily about reducing the attack surface and keeping remote users from viewing more than the resources and services they are supposed to access. Hardening workstations, on the other hand, is very much about protecting end users from themselves. And there are usually many more applications installed on workstations than the typical server. Workstation security is actually more complex than server security.
As defenders, it is essential to understand these hacking tools and techniques. The idea of enforcing security policies at the workstation level and the use of active directory permissions to safely delegate administrative authority in a large enterprise offers the best strategy to cope with cybersecurity threats and other advanced attacks. Additionally, by providing corporate directors and government officials with meaningful intelligence on a regular basis, security professionals garner high-level support for building robust security systems and adopting processes and policies necessary to protect data.
Read Omar Y. Sharkasi’s ISACA Journal article:
“Addressing Cybersecurity Vulnerabilities,” ISACA Journal, volume 5, 2015.
Omar Y. Sharkasi, CBCP, CFE, CRP
[ISACA Journal Author Blog]