
3.1.11  Workstations
(Page 2 of 2)

Security Issues with Workstations



If you’re thinking about security, and have done any work in the help desk field, the fact that these devices are accessed directly by end users should send up a red flag. Remember our point that security is largely a “people” problem? Users can do an absolutely endless variety of interesting things with their computers, which don’t contribute to the security of a network. Some of the common security issues created by users sitting at their workstations include:

  • Opening email containing a virus, which infects the user’s system and goes on to propagate itself around the network.

  • Downloading and installing applications the company has not authorized, such as audio/video players or IRC clients, which might contain security holes that could be exploited by malicious users inside or outside the network.

  • Sharing their entire drive with no password, because Joe six cubes down wants access to their electronic library of customer support help documentation (this could be a huge issue if the organization has no firewall or router rules in place to block access to the drive from the Internet).

  • Starting unauthorized services such as Microsoft’s IIS web server, which may be exploitable by others.

  • Not adequately protecting information stored on their computer (for example, by setting the computer up to auto-login so that anyone who turns the system on can access the contents of it and possibly the network as well, or by not password-protecting sensitive information).

  • Changing their network password to their first name and last initial.

  • Connecting a modem to their network and setting up a “remote access” application like Timbuktu or PC Anywhere, so that they can dial directly into their computer, and thus your network, from home – probably without having to provide a password.

  • Taking the CPU home for the weekend to finish some work (probably because they were read the riot act the last time they installed PC Anywhere).

  • Going home for the night and leaving themselves logged in, with a proprietary document being edited.

Protecting information stored on the computer is somewhat of a challenge, since any time there is physical access to a system (as with most workstations), getting access to its disk is usually no more complex than inserting just the right boot floppy, or at worst, disassembling the box and taking its disk out. An exception to this is if encryption is used, either on the system’s most private files, or on the entire disk. Similarly, if they can remove the machine from the office, there’s no telling where your physical asset or its proprietary data might end up!

Dot-bomb layoffs and “five-finger severance” have resulted in tens of thousands of dollars of missing computers (and copies of source code) at just two companies one of the authors knows about. And airports today are full of notebooks accidentally left at gates by hurried travelers.

Other workstation-based security issues can be more easily resolved. For example, to protect yourself against flaws in workstation OS and application software, keep all software installed on users’ machines up-to-date with the latest security fixes. Also, anti-virus software can scan all incoming email for potential viruses and can be employed on individual workstations to detect and contain a virus if one should appear. Windows system policies and careful assignment of user rights (no, every user does NOT have to be in the Power Users group) can prevent users from installing programs, controlling services, sharing drives to the network, etc., and can set up screen savers to lock the workstation after 10 minutes without use. Restrictions can be set on user passwords to mandate an amount of time between password changes, strength of password, etc.
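The checks below are an added example, not part of the original guide: a read-only PowerShell audit of one workstation for several of the issues listed above (auto-login, whole-drive shares, a running IIS service, Power Users membership, and the 10-minute screen saver lock). It assumes a current Windows release with PowerShell 5.1 or later and an elevated prompt; the variable names and the wording of the findings are illustrative.

```powershell
# Added example: read-only audit of the local workstation (run elevated).
$findings = @()

# Auto-login: AutoAdminLogon = "1" signs a stored account in at power-on.
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$winlogon = Get-ItemProperty -Path $winlogonKey -ErrorAction SilentlyContinue
if ($winlogon -and $winlogon.AutoAdminLogon -eq '1') {
    $findings += 'Auto-login is enabled (AutoAdminLogon = 1)'
}

# Screen saver lock enforced by policy for the current user.
# 600 seconds is the 10-minute idle limit mentioned in the text.
$maxIdleSeconds = 600
$desktopKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$ss = Get-ItemProperty -Path $desktopKey -ErrorAction SilentlyContinue
if (-not $ss -or $ss.ScreenSaveActive -ne '1' -or $ss.ScreenSaverIsSecure -ne '1') {
    $findings += 'No policy-enforced, password-protected screen saver'
} elseif ([int]$ss.ScreenSaveTimeOut -le 0 -or [int]$ss.ScreenSaveTimeOut -gt $maxIdleSeconds) {
    $findings += "Screen saver timeout is not within $maxIdleSeconds seconds"
}

# Whole-drive shares created by users (administrative shares such as C$ are Special).
$shares = Get-SmbShare -ErrorAction SilentlyContinue |
    Where-Object { -not $_.Special -and $_.Path -match '^[A-Za-z]:\\$' }
foreach ($s in $shares) {
    $open = Get-SmbShareAccess -Name $s.Name -ErrorAction SilentlyContinue |
        Where-Object { $_.AccountName -eq 'Everyone' -and $_.AccessControlType -eq 'Allow' }
    $note = if ($open) { ' (Everyone is allowed)' } else { '' }
    $findings += "Entire drive shared as '$($s.Name)' from $($s.Path)$note"
}

# Unauthorized services: W3SVC is the IIS web publishing service.
$iis = Get-Service -Name 'W3SVC' -ErrorAction SilentlyContinue
if ($iis -and $iis.Status -eq 'Running') {
    $findings += 'IIS web server (W3SVC) is running'
}

# User rights: list anyone placed in the local Power Users group.
$powerUsers = Get-LocalGroupMember -Group 'Power Users' -ErrorAction SilentlyContinue
foreach ($m in $powerUsers) {
    $findings += "Power Users member: $($m.Name)"
}

if ($findings.Count -eq 0) { 'No findings' } else { $findings }
```

The screen saver check reads the current user's policy key, so it reports on the account that runs the script.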

Hardware Considerations

It’s also possible to address some potential security issues with changes in hardware configurations. You might consider removing floppy drives, if your systems don’t absolutely require them, in order to eliminate a way in which data can be copied from the network. (Really, when was the last time you needed to use a floppy on a network workstation? And when you did, would it have been that great an inconvenience to go visit one of the few machines that had one?) And to keep users from booting from unauthorized CD-ROMs or floppies and gaining access to the machine’s disk, consider setting the boot order in the machine’s BIOS to exclude the CD-ROM and floppy, and password-protect the BIOS so that users can’t change the boot order back themselves. Don’t want your users attaching modems? You can make the task more difficult by removing or disabling the workstation’s serial port.

Some of the security measures for workstations still come down to person-to-person communication. Let users know they’re responsible for their system, what happens on it, and what is stored in it. Inform users of your organization’s computer use policies so that users don’t unintentionally violate them and know the penalties if they deliberately do so.

Innocent Actions by Users

Many workstation security issues are related to the actions of workstation users, such as opening email containing a virus, installing unauthorized applications and running unauthorized services, not using a screen saver to lock their systems when away from their desk, sharing their files over the network without adequate protection, using easily “crackable” passwords, and setting up their PC for remote access from home with a modem and software like PC Anywhere.

Other workstation issues have to do with the ability to boot workstations into OSes that allow direct access to local data without authentication, such as Windows 98, the potential for data loss via removable media, the ability to change BIOS configuration information, and even theft of workstation hardware.




CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.