This is another paper from my IT Security class. Considering I've been tinkering with computer information technology my entire adult life, I sure am learning a lot!
With the rapid advancement of technology, we are seeing equally rapid methods of those with unscrupulous intentions hacking into our personal and professional lives. How do we keep our mobile devices, computer networks, and applications secure?
Think of your computer system in layers. Each layer needs to be protected. Layers could include your network, the software, the websites you visit, the people who access your system and more. Network security, a firewall for example, is a like a fence for your network that lets the good guys in and keeps the bad guys out (Team). A network security scanner will identify your systems weakness(es) in the network. While you can deny certain IP addresses from accessing your system, you likely want to receive requests from anybody. However, a firewall cannot discern a healthy vs a malicious attack. A web application firewall will only stop known threats. If the firewall is not configured properly, it won’t secure your system at all, so an additional layer should be added.
What about the physical security of your devices? Limit physical and remote access to only those who need to access your resources. If you, or certain employees, don’t need to access your files when you are away from your computer, don’t set it up for remote access.
Physically protect your devices by locking them down or installing an audible alarm if the device is moved.
Be careful when people can look over your shoulder to capture a password or see sensitive documentation.
What are other layers? Prioritize your applications. Which ones are important? Which are redundant? Do you need them all? The more you use, the more likely you are to have a problem.
Use antimalware programs such as anti-virus, anti-spyware, and anti-spam programs for additional protection.
Always keep hardware and software updated. When an update or a patch is released, they are almost always security related.
To secure Microsoft products, I first looked to see what Microsoft does to secure their own systems. They are implementing a zero-trust model; “never trust, always verify.” This system contains four elements leading to a secure environment.
- 1. Identity authentication
2. Device management
3. Least-privilege user rights
4. Verified health of services
Identity authentication favors bio-metric confirmation for users. This is more secure than having a strong password that is changed frequently.
Device management will permit users to utilize their own mobile devices to access company resources, but only if the health of their device is managed.
Least-privilege users rights means that individuals will only have the access needed, and no more, for their use of resources.
Verified health of services, according to Microsoft (Implementing), is an ongoing goal of using services that are secure and will enhance the overall security of data.
By providing strict rules and policies, whether to a corporate or personal computer environment, you too, can find solutions to modern security issues.
Implementing a Zero Trust security model at Microsoft. IT Showcase. https://www.microsoft.com/en-us/itshowcase/implementing-a-zero-trust-security-model-at-microsoft. Published 2019. Accessed October 7, 2019.
Team N. Getting Started with Web Application Security. Netsparker.com. https://www.netsparker.com/blog/web-security/getting-started-web-application-security/#secure_network_firewall. Published 2019. Accessed October 7, 2019.