Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Tuesday, July 7, 2009

The one essential truth of computer security

InfoWorld recently ran an article titled "The one essential truth of computer security". The truth they were talking about?

Unless you solve the all-important problem of locking down end-user PCs, all of your other security defenses will fail you


While that was their one essential truth, they also shared some other "inconvenient truths":


* Most of today's security risk in the average computing environment comes from "drive-by downloads" -- that is, trusted insiders get infected by Trojan software that they were tricked into installing.
* If you allow your end-users to install any software they want, then your risk of security exploitation is high.
* Even if you are fully patched and the software you run contains zero bugs (this is never true), it barely decreases the risk from drive-by downloads.
* Most malware and malicious hackers are criminally motivated and seek monetary gain.
* End-user education is highly overrated and will fail.
* Your firewall, your anti-malware software, and your IDS will fail.


The key to a successful defense? Locking down end-user PCs so they can't install additional software. While that sounds like a great defense, unfortunately it's not too feasible in most environments. End-users always find they need an additional application, and the number of requests to install software would exceed the capability of most helpdesks if end-users didn't get to install the software themselves. It may work for some environments, and if it works for yours, then more power to you.

That leaves the rest of us looking at defenses such as proxies to prevent the drive-by malware. The good news here is that most proxies have the ability to block embedded URLs, which are the source of most of this drive-by malware. Unfortunately, this doesn't take care of end-users purposely installing malware, thinking it's anti-malware software, a friend's video or some other innocuous program.
