Friday, October 3, 2014

Diamonds from Dust - Secure the Edge

First Things First - Content Filtering
Firewall configuration should have been a single post, but I realized that I do quite a lot of configuration without even thinking about it.  With that said, I decided to break this up into small but progressively more complicated tasks.

One of the things I see disabled almost immediately by most firewall admins is content filtering.  Yes, it is overbearing, annoying, and raises concerns over censorship.  What it can do is protect your workstations from crap floating around the internet embedded in sites they really had no reason to be on in the first place.  Here are some tips for keeping your job, and keeping people on your side:

1. Go slowly:  If you don't have content filtering turned on, configure the policy to only block sites in categories such as freeware or malware.  Then enable content filtering and see if anything breaks.

Next, print off the list of categories that are available in your platform, and take it to the leadership of your organization to get approval on which categories you can block and which are off limits.  Establish a process for white listing sites that are miscategorized or are necessary for business. I like to set up a system where I can email the decision maker and only white list a site with their approval in an email.

Once you have your marching orders, enable one category per day and wait for the calls to come in.

2. Explain the change in advance, and let leadership take the heat for the decision.

3. Work with users, don't make them feel like you're working against them.

Advanced Categories and Custom Configs:

I will shout it out on top of a mountain: "I HATE ADS"

I also have found that it's very easy to block them by loading the frame in a separate window and grabbing the URL.  I then add it to my blacklist and say goodbye to the Russian Brides and the free games.  If the Zedo issue from earlier this week taught us anything, it's that no good comes from ads.

The other category that I really like but that breaks a lot of sites is the "Uncategorized" category.  Be advised, your life will be hell for a while.  But after some tweaking and some grumbling, malware infections at the customer sites that have allowed me to implement this have plummeted. One customer had 5 infections in a week, and since we put the work into this category it's dropped to one in 9 months.

Finally, stick to your guns.  This will likely be a painful change for a lot of users but it will be worth it in the long run.
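To make the rollout described above concrete, here is an added example (not code from the original post, and not tied to any vendor's firewall) that models the policy as a small decision engine. The category lookup is a constructed stand-in for whatever your platform provides; the hosts, approver address and category names are assumptions. It shows the evaluation order worth keeping straight: an allowlist entry that carries its approver's email is checked first, then the explicit host blacklist built from ad frames, then the category policy, with anything not in the lookup treated as "uncategorized" and blocked once that category is turned on. Categories are enabled one at a time, in the order leadership approved.

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed stand-in for the vendor's category lookup (not real data).
CATEGORY_DB = {
    "intranet.example.com": "business",
    "downloads.example.net": "freeware",
    "ads.example.org": "advertising",
    "cdn-bad.example.net": "malware",
    "vendorportal.example.com": "uncategorized",
}


def hostname(url: str) -> str:
    """Normalise a URL (or bare host) to a lowercase hostname."""
    if "://" not in url:
        url = "http://" + url  # urlparse needs a scheme to find the host
    host = urlparse(url).hostname
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    return host.lower()


@dataclass
class FilterPolicy:
    # Leadership-approved order in which categories get enabled.
    rollout_order: list = field(default_factory=list)
    # Categories blocked so far; grows one per day during rollout.
    blocked_categories: set = field(default_factory=set)
    # Explicit host blacklist, e.g. ad frame hosts grabbed from the URL bar.
    blocked_hosts: set = field(default_factory=set)
    # host -> approver email; an entry is only honoured with a named approver.
    allowlist: dict = field(default_factory=dict)

    def enable_next_category(self):
        """Turn on the next approved category; returns None when done."""
        for cat in self.rollout_order:
            if cat not in self.blocked_categories:
                self.blocked_categories.add(cat)
                return cat
        return None

    def allow_host(self, host: str, approver: str) -> None:
        """Whitelist a host, recording who approved it by email."""
        if not approver:
            raise ValueError("whitelist entries require a named approver")
        self.allowlist[hostname(host)] = approver

    def block_ad_host(self, frame_url: str) -> str:
        """Add the host of an ad frame's URL to the explicit blacklist."""
        host = hostname(frame_url)
        self.blocked_hosts.add(host)
        return host

    def decide(self, url: str):
        """Return (verdict, reason) for a request, in policy order."""
        host = hostname(url)
        if host in self.allowlist:
            return ("allow", f"whitelisted, approved by {self.allowlist[host]}")
        if host in self.blocked_hosts:
            return ("block", "explicit host blacklist")
        # Unknown hosts fall into the "uncategorized" bucket on purpose.
        category = CATEGORY_DB.get(host, "uncategorized")
        if category in self.blocked_categories:
            return ("block", f"category {category}")
        return ("allow", f"category {category}")


def demo() -> list:
    """Walk through a staged rollout and return the decisions made."""
    policy = FilterPolicy(
        rollout_order=["malware", "freeware", "advertising", "uncategorized"]
    )
    log = []
    # Day 1 and 2: only the low-risk categories, see what breaks.
    policy.enable_next_category()
    policy.enable_next_category()
    log.append(policy.decide("http://downloads.example.net/tool.exe"))
    # An ad frame opened in its own window; grab its URL and blacklist it.
    policy.block_ad_host("http://ads.example.org/frame?id=1")
    log.append(policy.decide("http://ads.example.org/other"))
    # Later: the painful "uncategorized" day, then a business exception.
    policy.enable_next_category()
    policy.enable_next_category()
    log.append(policy.decide("http://vendorportal.example.com/"))
    policy.allow_host("vendorportal.example.com", "cfo@example.com")  # assumed approver
    log.append(policy.decide("http://vendorportal.example.com/"))
    return log


if __name__ == "__main__":
    for verdict, reason in demo():
        print(verdict, "-", reason)
```

The order matters: checking the approved whitelist before anything else is what keeps the miscategorized vendor portal reachable after "Uncategorized" is enabled, and keeping the approver's address with each entry gives you the paper trail the post recommends.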

Thursday, October 2, 2014

SMB Infosec - Diamonds from Dust Part 1

This is the first blog in what I expect will become a series of blogs on methods I have come up with for securing the SMB company with limited resources.

Diamonds from Dust will be written primarily from an MSP's point of view. I firmly believe that every small business needs a partner with some technical resources in order to remain secure. This isn't about an onsite person's technical abilities at all, it's about economies of scale.

This post is about selecting a vendor. This will be the only post written from a customer's perspective.

Here we go!

The 5 things your MSP must have:

1. Technical Certification:  Any MSP that has been around a while will have certified engineers on hand. This is to meet requirements for vendor recognition programs. Vendor recognition drives prices down and service up. You want that ability in your MSP.

2. A Monitoring Solution (with custom rules): Monitoring is critical, and a robust solution with rules tuned to your environment is what gives you real insight. A well-tuned monitoring solution is key to your success and security.

3. A Security Focus:  Your MSP must be interested and immersed in security. It must care and it must respond to threats.

4. A Customer Notification System:  You need to be kept in the loop when things go bad, and a way to rapidly notify customers is critical.

5. A Solid BCDR Solution: This will be the subject of at least 2 more posts in the coming weeks and months.

Next Post: Minimum Firewall Settings

Other Topics Coming:
BCDR
Monitoring Rules
Managing AV
Incident Response
Planning