Managing and Securing Endpoints

Bruce Hotte, Chief Information Officer

Jeff Swan, Network Supervisor

The definition of “endpoint” used to be simple: a desktop workstation. But today’s environment is far more complex. Laptops, mobile devices, teleworking, outsourcing – all of these add tremendous complexity to the challenge of keeping systems and data secure. This session looks at the latest strategies and solutions being used in the public sector.



Focus Points

1 – Protecting Data on Desktop and Tracking
- Virus Protection
- Firewalls
- Desktop Protection
- Encryption

2 – Email Protection

3 – Why?


Virus Protection

- Enterprise Virus Protection
  Why important?
  ePolicy Orchestrator
  Benefit to the Agency and our Local Health Departments’ workstations and servers.
  Centralized notification of virus outbreaks, out-of-date clients, definition files and rogue systems (computers with no anti-virus client).

- Update Process
  Updates download to the server each day at 6:00 AM.
  Workstations and servers then connect to the ePO server each day to obtain the update, if needed.


Firewall

- Importance of firewall.

- Many options.

- We went with Windows Defender and Windows Firewall for spyware blocking and protection as we moved to Windows Vista.


Desktop Protection

Why protect more?
- Remote Staff
- Stolen or missing Equipment
- Asset Management
- Software Management
- Cost

Computrace helps combat the security risks associated with computing assets, and the asset management challenges they pose.
- Recovery protection
- Remote kill


How does it work

Absolute Software’s product line is based on the patented Computrace Technology Platform.

This client/server architecture provides secure, client-initiated IP-based communications between the Computrace Agent and the Monitoring Center.

The Computrace Agent resides on the hard drive or, ideally, is embedded in the Basic Input Output System (BIOS) or firmware of the host computer.


Tracking of Hardware – CPR: Compliance, Protection and Recovery

- Compliance – Adherence to all applicable mobile data protection regulations, with an easily accessible audit trail.

- Protection – Protecting data on mobile computers includes encryption, strong authentication and the ability to remotely delete sensitive data on stolen devices.

- Recovery – Recovery of lost or stolen devices returns them to the control of the organization and facilitates prosecution.

By adopting the CPR approach to laptop security, government agencies can minimize the impact of computer theft, while complying with privacy regulations.


Encryption

- Protect data on your PCs, laptops and external devices.
  Mandated by Executive Order
  Sensitive data

- SafeBoot – How did we do it?
  Used the SafeBoot AutoBoot\AutoLogin method to get started and protected quickly.
  Deployed through Windows Group Policy.
  Beginning to move toward SSO and Content Encryption.

- Put less data on laptops. Do more work in the Data Center. Citrix is a possible solution. This is very important when you discuss DR and teleworking.


Email Protection

Why important? What is the only application that everybody uses?

GFI MailSecurity is a comprehensive email content checking and anti-virus solution to safeguard your mail server and network. GFI MailSecurity acts as an email firewall and protects you from email viruses, exploits and threats, as well as email attacks targeted at your organization.

GFI MailEssentials is an enterprise level anti-spam solution. GFI MailEssentials offers spam protection at server level and eliminates the need to install and update anti-spam software on each desktop. This tool is and will always be very important to the Agency in protecting us from Spam, which some say may become worse than viruses.


How well does it work

We received a total of 477,288 pieces of mail from 09-11-08 until 09-17-08. Of those, 1,786 were virus and attachment blocks and 335,109 were spam. Legitimate mail delivered to users was 140,393. These numbers indicate that 78% of the email received was blocked due to spam and viruses.

Will you be able to stop all spam? Can you avoid Spam?


Email Encryption

Why important:
- HIPAA
- Sensitive Data

- ZIXVPM (Virtual Private Messaging) applies encryption to sensitive outbound email. The ZIXVPM device examines and automatically encrypts email that meets a predefined set of criteria.

- We are using ZixCorp services to protect our email and ensure all Protected Health Information remains confidential.

- Secured communications made easy. ZixCorp services enable us to send encrypted email to anyone, whether they are ZixCorp customers or not. Secure e-messaging is not just a government mandate; it's a practical way to do business.


Lexicon

The content of all outbound messages is scanned and compared against two lexicons, or dictionaries.

- Identifier Lexicon contains identifier information (example: Social Security numbers).
- HIPAA Lexicon contains HIPAA terminology (example: a health condition/disease).

The content of the email message must meet a criterion defined in both lexicons for encryption to occur.

- Example 1: Message will be encrypted if message or attachments contain a Social Security number and a name of a disease.
- Example 2: Message will not be encrypted if message or attachments only include a Social Security number.
- Example 3: Message will not be encrypted if message or attachments only include a name of a disease.


Keyword Encryption

ODH has also enabled “keyword encryption”. Anyone can send an encrypted email by using the keyword. The keyword must be the first word in the subject line.

When the user receives the encrypted message, and if they are not a ZIX customer, they will need to follow a registration process. The process is part of the message they will receive in their inbox. If they are a ZIX customer, the message should go directly to their inbox.
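The decision rules from the Lexicon and Keyword Encryption slides, written out as an added Python example (not ZixCorp's or ODH's code). The lexicon contents, the SSN pattern, the keyword `SECUREMAIL` and the case-insensitive keyword match are all assumptions, since the slides do not give them.

```python
import re

# Constructed stand-ins: the page names the two lexicons but not their contents.
# Identifier lexicon: SSN-shaped numbers, skipping ranges that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# HIPAA lexicon: a few condition names, matched as whole words, any case.
HIPAA_TERMS = ("diabetes", "tuberculosis", "hepatitis c")
HIPAA_RE = re.compile(
    r"\b(?:" + "|".join(re.escape(t) for t in HIPAA_TERMS) + r")\b", re.IGNORECASE
)
KEYWORD = "SECUREMAIL"  # placeholder; the page does not state the real keyword


def lexicon_hits(body, attachments=()):
    """Report which lexicons match anywhere in the body or attachment text."""
    text = "\n".join([body, *attachments])
    return {
        "identifier": bool(SSN_RE.search(text)),
        "hipaa": bool(HIPAA_RE.search(text)),
    }


def keyword_requested(subject):
    """True only when the keyword is the first word of the subject line.
    Case-insensitive comparison is an assumption of this example."""
    words = subject.split()
    return bool(words) and words[0].upper() == KEYWORD


def should_encrypt(subject, body, attachments=()):
    """Return (encrypt, reason) for one outbound message."""
    if keyword_requested(subject):
        return True, "keyword"
    hits = lexicon_hits(body, attachments)
    if hits["identifier"] and hits["hipaa"]:  # both lexicons must match
        return True, "lexicon"
    return False, "none"


if __name__ == "__main__":
    # Constructed sample messages: (subject, body, extracted attachment text).
    samples = [
        ("Lab results", "SSN 123-45-6789, diagnosis: diabetes", ()),
        ("Payroll", "SSN 123-45-6789 for the new hire", ()),
        ("Newsletter", "Tuberculosis screening clinic on Friday", ()),
        ("Referral", "See attached, SSN 123-45-6789", ("Dx: Hepatitis C",)),
        ("SECUREMAIL contract draft", "Nothing sensitive detected here", ()),
    ]
    for subject, body, attachments in samples:
        print(subject, "->", should_encrypt(subject, body, attachments))
```

A match split between the body and an attachment still counts, because both lexicons are evaluated over the whole message rather than per part.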


Why?

- Why do we seem in business and in life to wait for bad things to happen to us before we take action?

- Did I get a good backup?
- Where is my laptop?
- Where did that email go?
- Is your power on?

Take a look at yourself and your organization.