Enterprise security on a small business budget


I'm going to say something unpopular: P2P has no business on your work computer. The risk of malicious software from P2P (peer to peer) networks far outweighs any legitimate need for BitTorrent or KaZaa. On your personal computer, I still don't advise its use, but I can understand that there are several legitimate reasons for using it. Use reputable Websites to obtain shareware applications.

If you must participate in P2P, use a separate, nonadministrator user account for those functions. Never run software that you download from a P2P network in your administrator account, and always scan these downloads with several antivirus packages. Virustotal.com is a good place to do a quick scan of a dubious download if you don't already have a solid security package such as Norton Internet Security 2010. If you're a tech-savvy power user, run P2P software in a virtual machine to insulate your host operating system.

Nail Down Your Network

Switch your company and your home router's DNS resolver to use OpenDNS. Do it right now, I'll wait. There's no reason to use the default DNS provided by your Internet service provider. OpenDNS has a gigantic cache that will speed up your queries and a free Website filtering service that might interest some companies. Even if you don't want the filtering, its robust and secure DNS infrastructure can shield you from well-known attacks at the DNS level.

After 5 minutes of reconfiguration, your Internet connection will be snappier because the OpenDNS servers usually respond much quickly than your default ISP servers. Its Website explains the simple steps involved in changing your home router or your company's Active Directory domain controllers to their resolvers, and it has infrastructure spread all over the globe to ensure a speedy reply no matter where you are.

For power users and anyone in an IT capacity at work, I'm a big fan of using a host-based outbound firewall on both servers and workstations. It is absolutely essential to be notified when an unknown or new process decides to make an outbound connection. This way, even if something slips past your antivirus and antimalware defenses, you can catch it on the way out. Of course, this won't help nontechnical users who always click "Accept" on any pop-up that comes up.

Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question