Here is a checklist of 10 important tasks security administrators should perform to keep devices protected and secure. Security administrators oversee the secured processes in place, safeguarding the day-to-day operations of an organization.
While it is easy for users to focus solely on protecting computers and their devices, security admins are tasked with managing the overall landscape–including LAN/WAN, services, the devices used to access those services, and the most unpredictable factor of them all: The end user.
Below is a checklist list of 10 items that should be performed to ensure that devices and networks remain secured throughout the year.
1. Update your company’s policies
While many of these documents also require feedback from other stakeholders prior to ratification, the crux of the heavy lifting is often performed by IT. This is in the form of drafting the initial documents and their subsequent updates based on data derived from assessments, testing, and analysis of security best practices and trends.
2. Update (or draft) an Incident Response Plan
An Incident Response Plan (IRP) is used as the playbook by which IT responds to and handles security incidents that threaten, breach, or compromise the digital assets of the enterprise. For those organizations without one, get that drafted and present it to upper management as soon as possible.
If an IRP exists, then perhaps a review of the documentation is needed to update the responses to threats, remediation, post-event documentation practices, and most importantly, regulatory provisions that may exist governing how certain industries must report incidents.
3. Schedule maintenance calls with vendors
Relationships with trustworthy partners are always important when managing large-scale IT operations. Security has a huge role to play in this with vendors offering important guidance and updates to security appliances and software, as well as providing tools and engineers to assist in the management of security best practices and maintaining the organization’s protected perimeter.
4. Review firewall rules
One of the most important layers in protecting the network’s security from unauthorized access and potential threat actors–the firewall–requires consistent monitoring and updating to continue to protect company data. Part of this process involves reviewing the rules configured on the firewall to ensure that they remain pertinent to the protection of data assets and in-line with current trends and best practices.
5. Assess internal security audits of systems
Often IT will rely on penetration tests to find the proverbial “kinks in the armor” in the enterprise’s security systems. These tests provide insight into how exposed systems and devices are, as well as how systems respond in real-time to attacks and threats.
Armed with this information, security admins have their work cut out for them. They have to now perform risk assessments to determine what vulnerabilities must be corrected and actually get down to the brass tacks of correcting the issues to shore up protections and keep security at an all-time high.
6. Perform directory server auditing and cleanup
Most enterprises leverage their user and computer objects with directory services. It’s difficult to imagine a large-scale infrastructure that doesn’t use a centralized management system for its network. The benefits are clear, and management–however broad or granular–could not be simpler.
However, as with any system, it can become bloated with corrupt or out-of-date entries and must be tuned up regularly to continue running optimized.
A big part of routine maintenance involves the purging of obsolete records, organizational units that are no longer pertinent, and pointers to sites and policies that are obsolete. By auditing these regularly, IT can ensure that user accounts for terminated employees, for example, are properly managed and cannot be used as an attack vector to gain access into the network.
Another example is security permissions that are managed by group membership or roles. Auditing permissions can identify holes in the underlying security, which helps security admins correct these issues, further minimizing exposure.
7. Review security logs and alerts
This one should come as no surprise. All devices on the network create logs for any number of processes running at any given time. These logs should be reviewed periodically to identify critical (and even not-so critical) elements that need to be addressed before they’re exploited or become larger issues down the road.
It’s no secret that this isn’t exactly a glamorous part of the job, but it is a necessary one and too important to leave unchecked. Luckily, there are many tools, such as syslog and SIEM servers (among several others) that are designed to make short work of logs by sorting, categorizing, and labeling important entries so that relevant, actionable data is available at your fingertips. Some even integrate with other software to move from reporting to mitigation as one management workflow.
8. Research new technologies and upgrade paths
Admittedly, not all IT employees get the chance to participate in a research and development-like environment where they are privy to testing new equipment, developing integration plans, and are on the bleeding edge of implementing new technologies for their organizations.
Whether this is you or not, that should not stop you from researching the latest technologies, learning more about them, and even procuring training on such hardware and software that might be a good fit for the enterprise. If you are part of such a group, then taking the time to devote a bit more time to researching and testing technologies now can pay off dividends in the future.
9. Securing remote access technologies
Widespread internet access virtually everywhere has brought burgeoning web-based services to the mainstream. With enterprises and consumers increasingly relying on the cloud to do everything from store data to send messages to manage devices, many more than ever before are turning to remote access technologies (RATs) to virtually connect to their devices over the web as if they were sitting directly in front of their machines, working locally.
As the usage base grows, so too does the attention to these forms of connectivity and how people are connecting to them. It is imperative for security admins to adequately review, test, and audit their remote technologies to ensure they’re working (and being used by end users) in a manner that best protects the network and company data.
Assessing the encryption strength, known vulnerabilities, security controls available and enabled, as well as policies to govern how communications are being protected are very important details to have worked out.
10. Develop and conduct end-user training
Sadly often overlooked is the development of training for end users. A considerable portion of security rests in the hands of the end user. This doesn’t mean users can or will configure firewalls or bypass filters but that much of the protections in place can be side-stepped by a cleverly crafted phishing message. Any unsuspecting user will click on and install a zero-day attack, harvest credentials, and possibly open the door to further repercussions, without even generating an alert in the firewall or tripping the NIPS–or even disrupt the user’s day-to-day operations.
There’s a reason Kaspersky noted a 21% increase in phishing attacks during the second half of 2019–it’s because they get results. There are a number of other variables that contribute to the growth of phishing scams, but educating users through ongoing training is the only proven way to effectively limit and help turn the tide on user-related exposure.
Be sure to check out more articles on Making Sense of Security.