Desktop Inventory and Maintenance
A detailed inventory of all hosts on the network, such as workstations, servers, and laptops, should be kept. This inventory should include the serial number of the computer, the type of hardware and software that is installed, and the name of the individual who is responsible for the computer. It is particularly important to provide employees with adequate training to educate them about keeping laptop computers secure.
When software, hardware components, and storage devices are replaced, the inventory should be updated to reflect the change. A procedure for the disposal of hardware that is no longer being used needs to be in place. Any storage media will need to be disposed of properly to make sure that the data cannot be recovered by unauthorized individuals. There have been many cases of confidential data being recovered by individuals who have acquired used hard drives. Letting this data fall into the wrong hands could have serious consequences, including legal action being taken against the organization that did not take appropriate steps to make sure that the information remained private.
Update Anti-virus Definitions
As new viruses and Trojan horses are released, enterprises need to keep up to date with the latest antivirus software and application versions. Antivirus software can only stop viruses and Trojan horses if there is a known signature to identify the malicious object.
In order for virus scanning to be successful, the following should be completed at regular intervals:
- Routine host local file scanning
- Routine virus list and signature updating
- Routine monitoring of alerts generated by the host scanners
Update HIDS and HIPS Signatures
The effectiveness of an HIDS or HIPS depends on the update status of its signature database. A brand-new exploit can slip past an HIDS or HIPS that does not yet have the signature of that exploit. Another issue is that signatures can be too broad, which can generate many false-positive alerts. HIDS and HIPS signatures need to be updated on a regular basis. Alerts and logs should be monitored so that ongoing tuning of HIDS and HIPS implementations can be performed.