System/Application Server Vulnerability Management

No software is perfect. All software, whether an application or an operating system, is susceptible to software vulnerabilities. Because today’s applications and operating systems are so complex, it is likely that multiple vulnerabilities exist in any version. Attackers know how difficult it is to develop secure software, and they expend substantial effort trying to find vulnerabilities to exploit.

Software developers are engaged in a continuous cycle to keep their software as secure as possible. Attackers run exhaustive tests against software to uncover any vulnerabilities. When they find a vulnerability, they develop an attack that exploits it. They launch an attack, and some computer systems become victims. The victims report what has happened to the software provider, and the software provider modifies its software to remove the vulnerability. The software provider tests its new software and releases it as a patch. Then the cycle repeats itself. Attackers are continuously looking for vulnerabilities, and software providers are continuously fixing the vulnerabilities they find.

Operating System Patch Management

Operating systems have substantial access to the hardware they control. Compromising an operating system basically means owning that computer. An attacker who successfully compromises an operating system can often use that computer for other attacks as well. You should frequently check your operating system’s website for newly released patches and apply those patches. An operating system that has the latest available patches is less vulnerable to the newest attacks.

Set up each computer to download and apply patches automatically or set up a procedure that ensures you apply operating system patches to all computers as soon as they are available. The longer you delay patching any computer, the longer that computer remains vulnerable to newly released attacks.

Application Software Patch Management

Application software can contain vulnerabilities as well. As with operating systems, it is advisable that you acquire the latest application software patches from your application software vendor and apply them as soon as possible. This process is relatively easy for off-the-shelf software. It can be more difficult for software you have modified. Regardless of the role you play in modifying application software, it is important to have a plan in place to keep your software free from known vulnerabilities. Remember, if you know about a vulnerability, chances are some attacker knows about it too.

Data Loss Protection

The business has two main concerns when it comes to information collected, stored, and processed: Is the information safe, and can you prevent it from walking out the door? These questions are fairly easy to ask but a lot more complicated to answer.

This chapter has discussed at length methods of keeping information safe. Security policies and secure coding practices ensure risks are evaluated and reduced. Security policies ensure alignment with the business requirements. When there are risks to be taken, the security policies ensure a risk assessment is performed so that the business can make a balanced decision.

In this section, we focus on the second business concern of how to prevent information from walking out. Security policies define what’s often called either a Data Loss Protection (DLP) program or a Data Leakage Protection (DLP) program. The term refers to a formal program that reduces the likelihood of accidental or malicious loss of data.

The concept of DLP comes from the acknowledgment that data are often copied, changed in form, moved, and stored in many places. Often these sensitive data leave the protection of the application database and end up in emails, spreadsheets, and personal workstation files. It is these data, living outside the hardened protection of an application, that most concern the business.

A typical DLP program provides several layers of defense to prevent data from walking out:

  • Inventory
  • Perimeter
  • Encryption of mobile devices

The DLP inventory component attempts to identify where sensitive data may be stored. This includes scanning workstations, email folders, and file servers. The process requires inspecting the content of files and determining if they contain sensitive information such as social security numbers.

The DLP perimeter component ensures that data are protected on every endpoint on your network, regardless of the operating system or type of device. It checks as data move, including writing data to email, CDs, USB devices, instant messaging, and print. If sensitive data are being written to an unauthorized device, the technology can either stop and archive the file or send an alternate.

Through the logging and analysis server, the DLP technology monitors real-time events and generates detailed forensics reports. Logging cannot stop data from leaving but can determine what happened after the data have left.
