Tracking Your Devices – What’s on Your Network?
Everyone wants good Security on their computers. That’s a no-brainer. The big issue with that is how do you go about getting it?
That is a very good question. The sad truth is that most people get it a bit wrong, right from the start. To prove it, think about two very common and current Best Security Practices right now:
1) Install / enable Anti-Malware software (like Windows Defender)
2) Install / enable a Firewall (like Windows Firewall)
For most, these would seem decent things to do. They’d stop there, pat themselves on the back and believe they had set up a solid defense.
I’m not trying to belittle anyone for doing that and I fully agree that these are good things to do. It’s just that they aren’t as good as many people seem to believe. For them to be truly effective, other things have to happen first.
The Center for Internet Security (CIS) has a lot of information on how to go about securing networks, securing computers, etc. As part of this, they publish a list of Top 20 things you can do, to improve your Security posture. It’s easy to find: Just do a search on CIS’ “Top Security Controls.” Setting up a Firewall and Using Anti-Malware software only rank #9 and #8 respectively. This means they’re good enough things to do, but very much middle of the road when it comes to the amount of real Security you get from doing so.
The list is ordered in terms of what gives you the most real Security, down to what gives you the least (1st in the list is the best.) So, what can you do to improve your Security the most?
1) Active tracking of hardware in your network
2) Active tracking of software on your computers
The key word here is “ACTIVE.” There are many places which keep a spreadsheet that mirrors what they have purchased and assume it’s correct. That is not Active Monitoring. Active Monitoring means to be constantly looking for new stuff. If done manually, this would imply:
a) Checking the list of installed software on every computer, on a recurring schedule (weekly)
b) Monitoring the devices connected to your network, by:
– Logging into every Switch, Firewall and WAP, to see what shows as connected
– Physically checking every network connection / cable, ensuring nothing is plugged-in that shouldn’t
– Doing both of those on a recurring schedule (weekly or better)
Now then, if you’re a sensible individual in charge of more than a small number of computers, you’ll agree that doing this is simply ridiculous. You would be correct, as it’s totally nonsensical to do this manually.
Thankfully, there are plenty of ways to do this automatically. There are lots of different software solutions you can use to scan your networks for new devices and to connect to your computers and pull software lists. All of this is maintained in a database, so you can get alerted within minutes of a new device connecting to your network or of new software being installed. THAT is how you do Active Monitoring.
It doesn’t require a lot of work or even a lot of money. Many solutions for this are completely free, so long as you don’t have a big network. To monitor the hardware, all you need is a server to install them on that has access to scan the networks you need to monitor. With that, you’re half-way there. Setting up Software Scanning takes a little more than that, but not a lot of effort. Once that’s done, you need to keep an eye on the reports that get generated and run periodic tests to make sure it’s all still working properly.
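To make the hardware half of this concrete, here is an added example (not from the original post, and not any particular product's code) that compares what a scanner host actually sees against an approved inventory. The inventory entries, addresses and device names are constructed, and the scan text is assumed to be in the format printed by `ip neigh show` on Linux.

```python
import re

# Constructed sample: approved inventory, with MACs typed in mixed notations
# the way they tend to end up in a purchasing spreadsheet.
APPROVED = {
    "00-1A-2B-3C-4D-5E": "front-desk-pc",
    "001a.2b3c.4d5f": "office-printer",
    "00:1a:2b:3c:4d:60": "wap-lobby",
}

# Constructed sample: neighbor table as printed by `ip neigh show`.
SCAN = """\
192.0.2.10 dev eth0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
192.0.2.11 dev eth0 lladdr 00:1a:2b:3c:4d:5f STALE
192.0.2.57 dev eth0 lladdr 02:42:ac:11:00:09 REACHABLE
192.0.2.99 dev eth0  FAILED
"""

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_neigh(text):
    """Yield (ip, mac) for entries that resolved to a hardware address."""
    for line in text.splitlines():
        m = re.match(r"(\S+) dev \S+ lladdr (\S+) (\S+)", line)
        if m and m.group(3) not in ("FAILED", "INCOMPLETE"):
            yield m.group(1), norm_mac(m.group(2))

def audit(approved, scan_text):
    """Return (unknown devices on the wire, approved devices not seen)."""
    known = {norm_mac(mac): name for mac, name in approved.items()}
    seen = {mac: ip for ip, mac in parse_neigh(scan_text)}
    unknown = sorted((ip, mac) for mac, ip in seen.items() if mac not in known)
    missing = sorted(name for mac, name in known.items() if mac not in seen)
    return unknown, missing

if __name__ == "__main__":
    unknown, missing = audit(APPROVED, SCAN)
    for ip, mac in unknown:
        print(f"ALERT unknown device {mac} at {ip}")
    for name in missing:
        print(f"NOTE approved device not seen: {name}")
```

The neighbor table only lists hosts on the scanner's own network segment, so each monitored network needs its own collection point.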
Active Hardware and Software Monitoring is what gets you the most actual, real Security. In all the many Security Audits I have ever done I never ran into a single company that ever did this… not one of them!!
I encourage anyone who’s at all responsible for Computer Security in any way, to head over to the CIS website and look at the information they have available there for free. Don’t stop at Anti-Malware and a Firewall. It’s not enough and it’s exactly what an attacker would want you to do. You need to do everything that is reasonably possible, to protect your information and yourself.
The truth is that monitoring Hardware & Software is reasonable. When considering legal responsibilities of an organization to “properly safeguard” important information, a certain level of active hardware and software monitoring is expected. The worst-case scenario involves going to court, due to an Information Breach. If you haven’t done enough reasonable data-protection, you can expect to lose.
If you have any questions about Actively Monitoring Your Computers, reach out to your TRINUS Account Manager, for stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyber-Man.