Network security: Empower users without endangering IT


Ed Tittel
10.02.2007

In modern business circles, it's all too easy to develop an "us vs. them" mindset, with the network security professionals on one side and the regular users on the other. This is particularly true when it comes to establishing and enforcing network security guidelines, doubly so where remote access or telecommuting is involved. Everybody really is in the security game together, though, and IT can help do its part by explaining clearly what's off-limits and unacceptable for employees to do at work, and by enabling users to do everything else with minimum muss and fuss. Hence, our top-ten list of things IT can do to help users without compromising its own mission statement:

1. Publish a clear, readable acceptable-use policy (AUP) and let users know what, when and whether it's OK for them to use company computers for personal activities. Anything strictly forbidden should be stated as such.

2. Establish clear, readable guidelines for what employees must do to keep their notebooks and mobile devices safe and secure: install updates, keep antivirus and anti-spyware current, and so forth. Set up decontamination/quarantine areas on your networks, and make employees check through them whenever they bring a machine in from the outside (yours, theirs or somebody else's -- it doesn't matter).

3. If you're monitoring employee activity, tell them in advance, and remind them periodically that you're doing so, warning them of the possible consequences of infringement of the AUP.

4. Offer general encryption tools and encourage their use when sending attachments via email, or files through a Web transfer service or FTP.

5. Offer a list of safe or acceptable Web-based services (IM, file transfer, and so on) along with information on when and how these may be appropriately used at work. If no such services are allowed, state this clearly in the AUP, and provide frequent reminders.

6. Provide security training materials and make training part of new-employee orientation, plus an annual refresher. Warn people about the risks of using anonymizers and proxies to bypass content controls.

7. Provide clear, readable guidelines on when it's acceptable and when it's not acceptable to use file search or sharing software -- for example, search across multiple computers at Desktop.Google.com -- and what kinds of information may not be accessed using these tools. Explain relevant risks, rules and mandates that do not permit such access to occur or that levy major costs and consequences should breaches happen.

8. Provide clear guidelines for use of online-storage services for on-the-road or out-of-the-office file access, and explain when and how encryption should be used to render potentially sensitive or dangerous material unreadable. Provide security tokens or smart cards to secure such access so that losing a laptop doesn't mean losing control over important data.

9. Provide secure remote access to company email, applications and files to employees on a need-to-access basis that's approved by management, via a Web interface (Microsoft OWA, for example) or via VPN connections. Teach employees how to use these tools properly, offer online tutorials and help files, and be ready to help them make this technology work.

10. Be flexible, understanding and polite when it comes to employees dealing with home life at work. It happens, and the best way to minimize interruptions and frustration is to acknowledge the importance of both home and work, and to do your best to make sure employees can get work done when they need to, while feeling free to work outside normal hours to make up for occasional bumps in the road of life and work.

By supporting users and helping them do what they must at home and at work, you will limit their temptation to work around, bypass or ignore AUP requirements.

About the author:
Ed Tittel is a full-time freelance writer and trainer who specializes in Windows, security and networking technologies (and likes to combine all three as often as possible). He's also the author of more than 100 computer trade books, including the forthcoming Windows 2008 Server for Dummies (Wiley Publishing, February 2008).

