September 28, 2016

3 Reasons Why Your Organization Needs a Network Scanner

A network scanner is a somewhat vague term. While it is easy to answer questions such as “what does a patch manager do?”, the same cannot be said of a network scanner. The main reason for this is that a network scanner, unlike a patch manager, is not designed to perform a single function. In general, a network scanner can perform a series of different tasks and checks to ensure that your network is secure against all known vulnerabilities as well as to make sure that it is configured in a secure way.

GFI LanGuard 2012 Dashboard

This is all well and good, but at the end of the day, why do you need a network scanner?

1. To ensure your software is configured securely:

An administrator’s life can be quite demanding at times. It is not enough for an administrator to make sure that any software deployed on the network works as it should but s/he also needs to make sure that this software is configured securely in a way that makes it quite hard for others to exploit.

I cannot stress enough this point. Consider a mail server, for example, that allows relaying from any source. Such a mail server would be seen as working correctly. Any person on your network would be able to send and receive emails without any issues. In fact, in terms of functionality there are no issues.

However, a mail server which relays messages from any source is prone to be discovered by spammers and it is quite likely that they will exploit it to run massive spam campaigns through it. This will lead to a severely degraded performance as your bandwidth would be flooded with spam. Moreover, such activity could get the organization into trouble, your server blacklisted internationally and your company labelled a spammer. This is why a securely configured server is a must.

2. Ensuring there are no unnecessary services or applications:

Every service or application that runs on a system is a potential security risk. One can never be absolutely sure that a service or application is not exploitable. The solution is to avoid running unnecessary services or applications and to do so you have to identify what these are.

While one can manually do a software inventory periodically, using a good network scanner will allow the administrator to do so accurately on a daily basis and be a lot more proactive.

3. Removing unused user accounts and open shares:

User accounts that are no longer required should be deleted at once. They can easily be exploited by their former owners when they leave the company especially if they were fired or they left on bad terms and hold a grudge against the organization.

Deleting accounts as soon as people leave the company is a good practice but is not always enough. Employees with a grudge might have created new user accounts on a number of systems, even more so nowadays when you can deploy virtual machines so easily. Apart from sending out alerts when new user accounts are created, a network scanner can be set to notify the administrator when an account has not been used for a long period of time.

Open shares are also common vectors used to spread malware. A good network scanner can periodically look for such unauthorized shares saving administrators from having to do lengthy inventories in order to maintain network integrity.

There are other reasons why you should be using a network scanner. For instance, to identify vulnerabilities that are hard to find manually. You can regularly monitor the network, automatically carry out audits that otherwise would take ages to complete manually.

What is important is that issues are discovered today and not in a month’s time or when something goes wrong. That is the difference between a safe network and one at risk of being exploited and compromised.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on the importance of using a network scanner.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

4 Key Features of Good Endpoint Security Software

(Live-Hacking.Com) – Data leakage occurs when data that should have never left the physical confines of your company’s brick and mortar walls does, and control of that data is lost. One of the main reasons why this could happen is because companies lack endpoint protection. When a user copies data to their smartphone (think contacts, critical documents that they wish to

GFI EndPointSecurity™ console

GFI EndPointSecurity™ console

review while mobile, email attachments, etc), or to a USB flash drive, your company is primed for a data leak. Endpoint protection is designed to prevent that from ever happening in the first place. Sure, you can remotely wipe smartphones, at least the ones that are compatible with your company’s policies, and you can protect data on portable media with encryption, but both of those depend in part on the end user. Whether that person is intentionally malicious, apathetic, or simply ignorant, it is entirely possible to transfer data to unprotected media, unless you prevent it in the first place through endpoint security.

There are programs on the Internet today that can turn portable media players into mass storage devices capable of automatically seeking out and downloading key data to their storage. Search for podslurping to see just how creative these applications are, and don’t forget the users with DVD/CD burners in their machines that can burn a disk with gigabytes of data. Unless they have encrypted that data, it can be read by anyone who happens to come across that disk. Some companies have gone as far as to epoxy the USB connection on machines to prevent the physical attachment of external media, but this has several problems. They won’t be able to turn such damaged hardware back in at the end of a lease; any residual value after the useful life will be greatly decreased, there are lots of legitimate uses for USB that will be prevented by this, and it is not a full solution. Search on bluesnarfing to see how users can exploit Bluetooth connections to further transfer data. Instead of ruining your hardware, implement endpoint security to protect your data.

So how can endpoint security help a company to prevent data leakage? Here are the four most important features to look for in good endpoint protection software:

  1. Agent based enforcement: Endpoint protection software should use easy to deploy, tamperproof agents which can be rolled out to users, and once on their system, be locked down so even local admins cannot disable them.
  2. Easy, central management: Good endpoint protection software should support rapid policy creation through an easy to understand wizard, that can be deployed granularly with Active Directory Group Policy, and that has the flexibility to support business needs.
  3. Information at your fingertips
  4. Real-time centralized monitoring and alerts are just the starting point for endpoint protection’s information components. Look for centralized logging and reporting, that can generate on demand and scheduled reports.
  5. Flexibility:The one thing you can count on is that no matter what you set up, you will need exceptions. Whether you need to provide temporary access, allow systems admins or security personnel to bypass restrictions, or implement white-lists and blacklists, look for an endpoint protection that is not going to lock you down so tightly that it breaks business processes.

By deploying endpoint security, you are taking reasonable steps to prevent data leakage and protecting your company’s data and that of your customers. Endpoint protection makes good business sense in today’s environment where a data leakage can cost a company millions in reporting and monitoring, and cause irreparable damage to a company’s reputation.

Editor Note: This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more on how to make the best out of endpoint security.

Disclaimer: All product and company names herein may be trademarks of their respective owners.