SANS Critical IT Security Controls #1 – Inventory your devices

Cyber attackers are constantly devising ways to hack into computer systems. You may have several test and development databases lying around across your environment in a semi-protected fashion. Or your company may have recently bought and assigned a bunch of laptops. It’s essential that you patch ALL the computing devices in your environment, regardless of the purpose those devices may serve. In order to do this, however, you must first know which devices your company owns. Even a small company these days uses a very large number of electronic devices, including PDAs and other newer devices.

Your inventory of devices must include all systems that have an IP address, meaning every device that can potentially be an entry point for a hacker. You must include desktops, laptops, printers, databases, Windows and UNIX/Linux servers, backup systems, removable storage media including USB devices, voice-over-IP telephone systems, storage area networks, and last but most important, all network equipment such as routers, switches and firewall software. Your inventory must be detailed, with information such as the network address, the purpose of the system, the asset owner and the department that owns the device. Make sure to include all virtual machines as well as wireless devices in your asset inventory.

Once you inventory all your systems, you aren’t done! You must frequently update this inventory so it’s accurate on a real-time basis. Your system administrators must also install (freely available or commercial) software that monitors the network and immediately alerts them to the presence of new, unauthorized software and systems that have been installed by employees. Network scanning tools must run throughout the day and night at frequent intervals to catch any unauthorized devices. To prevent the installation of unauthorized devices, you must institute strict software installation policies that prohibit employees or contractors from installing software on their own, no matter how useful it may be for your enterprise.

System and/or network administrators must schedule regular “tests” of enterprise systems by installing new software and devices on the network and checking whether their scanners are able to spot the unauthorized devices.
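The reconciliation and scheduled scanner test described above can be sketched as follows. This is an added example, not code from SANS or any scanning product. The CSV layout, the `mac` column, the finding names and all sample addresses are assumptions constructed for illustration.

```python
import csv
import io

# Fields the article asks for on every record ("ip" is the network address).
REQUIRED = ("ip", "purpose", "owner", "department")

# Constructed inventory; the "mac" column is an assumption added for this example.
INVENTORY_CSV = """ip,mac,purpose,owner,department
192.0.2.10,00:00:5e:00:53:0a,File server,j.doe,IT
192.0.2.11,00:00:5e:00:53:0b,Office printer,,Finance
192.0.2.12,00:00:5e:00:53:0c,Test database,a.lee,Engineering
192.0.2.13,00:00:5e:00:53:0d,Backup system,b.kim,IT
"""

# Constructed scan output: (ip, mac) pairs observed on the network.
SCAN = [
    ("192.0.2.10", "00:00:5E:00:53:0A"),  # matches inventory (case differs)
    ("192.0.2.11", "00:00:5e:00:53:0b"),  # known, but record has no owner
    ("192.0.2.12", "00:00:5e:00:53:ff"),  # known address, different hardware
    ("192.0.2.77", "00:00:5e:00:53:4d"),  # planted test device, not inventoried
]

def load_inventory(text):
    """Parse the CSV into a dict keyed by IP address."""
    return {row["ip"]: row for row in csv.DictReader(io.StringIO(text))}

def reconcile(inventory, scan):
    """Return sorted (finding, ip) pairs from comparing a scan to the inventory."""
    findings, seen = [], set()
    for ip, mac in scan:
        seen.add(ip)
        record = inventory.get(ip)
        if record is None:
            findings.append(("unauthorized_device", ip))
        elif record["mac"].lower() != mac.lower():
            findings.append(("mac_mismatch", ip))
    for ip, record in inventory.items():
        if any(not (record.get(f) or "").strip() for f in REQUIRED):
            findings.append(("incomplete_record", ip))
        if ip not in seen:
            findings.append(("not_seen_in_scan", ip))
    return sorted(findings)

def scanner_spotted(planted_ip, findings):
    """Scheduled-test check: was the deliberately planted device flagged?"""
    return ("unauthorized_device", planted_ip) in findings

if __name__ == "__main__":
    results = reconcile(load_inventory(INVENTORY_CSV), SCAN)
    for finding, ip in results:
        print(f"{finding:20} {ip}")
    print("planted device spotted:", scanner_spotted("192.0.2.77", results))
```

In practice the scan list would come from whatever network scanner is in use, and a `not_seen_in_scan` finding is a prompt to check whether the device was retired or the inventory is stale.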
