By Scott Aurnou
Literally speaking, ‘endpoint security’ refers to protecting the various electronic devices that can connect to a computer network. Each device that can access a network creates a separate endpoint that has to be secured. This can include anything from cameras to printers or anything else connected to the network though, for most people, endpoint security means protecting laptops, smartphones and tablet computers against various electronic threats, as well as physical ones (like being stolen). In practice, this means trying to put in place an equal minimum level of protection for every device capable of accessing the network. To enforce this, a network may be configured to only allow access to devices that have certain specific security measures in place before connecting to the network and potentially accessing proprietary information and/or sensitive data. If an infected laptop, smartphone, tablet or portable storage – like a USB thumb drive – does connect to the network, it could upload malicious software (aka malware) or expose sensitive data from the network once it’s downloaded to the improperly secured phone, etc.
While this may sound like a relatively straightforward process, it’s often one of the weakest spots in any computer network. This is because of an increasingly common workplace concept referred to as Bring Your Own Device (aka BYOD). Employees, guests, consultants, students, doctors, co-counsel, family members, etc. frequently use their own laptops, phones and tablets and generally expect to be given access without the ‘hassle’ of having them checked first or downloading security software before exposing the network to whatever unfriendly software is lurking on their devices. An infected device can easily spread malware like a computer worm that, by design, will self-replicate, spread throughout a system and create openings additional malware like rootkits and Trojans (all things you would definitely rather not have on your network).
As noted above, devices can be vulnerable to both electronic and physical threats.
Securing devices against electronic threats. Completely locking down a device against a highly skilled attacker can be difficult though, many commercially available endpoint security products will cover the basics to secure the computers and mobile devices connecting to a network. This will typically include firewalls, anti-spyware, anti-virus and intrusion prevention software (which is designed to detect and stop foreign electronic traffic on a system). Of course, the protections should be put in place on any devices connecting to the network and they should be included in any vulnerability assessments performed on the system. In addition, device owners should be trained to recognize and avoid threats spread via email, text messages and third party app stores. Also, under no circumstances should a ‘jailbroken’ or ‘rooted’ device be permitted to access your network. The jailbreaking or rooting process by nature disables the device’s security protections (and any updates), greatly increasing its exposure to malware that can then attack your network.
Securing devices against physical threats. Simply put, portable things can be lost or stolen. A few basic steps should always be taken to ensure that the information stored on those devices remains secure. For starters, laptops should be password-locked and encrypted and mobile devices should have their passcodes enabled. The information on the devices should also be securely backed up and remote wipe software should be put in place to erase the device and prevent the disclosure of any sensitive data in the event that it’s lost or stolen.
It may seem like a hassle to make sure each device that connects to your network is properly secured first, but it definitely beats the alternative…
