Fordway Blog

User testing for practical endpoint security

Written by Richard Green | Jun 19, 2019 1:51:41 PM

Security is the one topic that everyone loves to hate. Sure, it’s exciting to read about the vulnerabilities, but implementing the fixes can be a real headache.

As users we all want to feel and be secure, but sometimes you can't help feeling that life is a little easier when the security rules are relaxed. Good security is more important than ever, though, and as events unfold before us both in and out of the workplace, the need is real.

Endpoint security is where it matters

The place where security matters most is at the endpoint, or End User Device: the place where we all interact with the systems to input and extract data. It is also the device on which you do your web browsing and encounter pop-ups and adverts. The endpoint is the security blackspot where even the most experienced users can unthinkingly put their security at risk by inserting USB sticks, following dodgy web links and opening email attachments. The endpoint is therefore the first place that nasty software and code can gain access to our networks and systems.

Moving on from then to now

In our experience, most organisations have done little to address their endpoint security adequately. Until recently it was easier to apply a ‘plaster’ to obvious vulnerabilities, perhaps with a vendor point solution. Taking a serious look at the endpoint threat vector was complicated and often led to awkward conversations with end users who stubbornly resisted any attempt to curb their right to use tools they had freely used “in other organisations”. If an attempt was made to block an activity, there was always the risk of a user inventing a ‘clever workaround’ even more detrimental to security best practice. So until recently, tackling the issue has been a ‘Catch-22’ situation.

It’s much easier to tackle these issues now, as excellent guidance is freely available. The National Cyber Security Centre (NCSC) and the Center for Internet Security (CIS) have produced a series of pragmatic best-practice guides and policies that focus on the controls needed. One of the most helpful of these is the NCSC 12 principles for native security controls, which helps to break the problem into manageable chunks using the native controls now available in applications such as Windows and Office 365, without having your users rebel.

We've been researching and testing different approaches over the last year, as we know this is a big issue for customers. As part of that research, Fordway has implemented and tested a wide range of security policies with a group of our own users. The policies tested were based on advice produced by Microsoft in conjunction with NCSC to provide a security baseline. Whilst the baseline never promised to make anyone bulletproof, we definitely saw fewer issues in our test group.

What we’ve learnt

Implementing security policies in this way has allowed us to ‘soak test’ changes, establishing the real risks and benefits of each approach without disrupting BAU for all users. Our demanding test group soon let us know if something was awry, and it was easy to baseline issues and results against the existing configuration.

As a result of this testing we have applied over a thousand unique settings across all aspects of Windows and Office applications on the laptops, desktops and mobiles used across the company. That’s quite a long list, so here are the key changes made:

  • Office scripting and macros are now disabled, preventing malicious code from running inside Office documents
  • A Windows 10 feature that restricts which applications can see your Documents, Pictures and other personal folders is now enabled
  • A Windows 10 feature that restricts dangerous network connections is now enabled
  • Protocols used for communicating with web servers are more tightly defined to provide a more secure experience online
  • Various security defaults are hardened, making it more difficult for an attacker on our network to traverse from one machine to another or to gather information about machines on the network
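As an added example (not from the original post and not Fordway's own tooling), the read-only PowerShell audit below checks whether a single Windows 10 endpoint reflects the five key changes listed above, so a test group's machines can be compared against the intended baseline. It assumes that the folder-access feature is Defender Controlled Folder Access, that the network feature is Defender Network Protection, that Office uses the 16.0 policy keys, that TLS 1.0 and LLMNR are representative settings for the last two items, and that it runs in an elevated session.

```powershell
# Added example: read-only audit of the five key endpoint changes.
# Assumptions: Defender Controlled Folder Access and Network Protection,
# Office 16.0 policy keys, TLS 1.0 and LLMNR as representative settings,
# and an elevated PowerShell session on Windows 10.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Missing key or value is reported as $null, i.e. "not configured"
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

$office = 'HKCU:\Software\Policies\Microsoft\Office\16.0'
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$mp = Get-MpPreference   # Defender preferences (null if Defender is absent)

$checks = @(
    # 1. Office macros: VBAWarnings 4 = all macros disabled without notification
    @{ Name = 'Word: macros disabled (VBAWarnings=4)'
       Pass = (Get-RegValue "$office\Word\Security" 'VBAWarnings') -eq 4 },
    @{ Name = 'Excel: macros disabled (VBAWarnings=4)'
       Pass = (Get-RegValue "$office\Excel\Security" 'VBAWarnings') -eq 4 },
    # 2. Controlled Folder Access: 1 = block, 2 = audit only, 0 = off
    @{ Name = 'Controlled Folder Access enforced'
       Pass = $mp.EnableControlledFolderAccess -eq 1 },
    # 3. Network Protection: 1 = block, 2 = audit only, 0 = off
    @{ Name = 'Network Protection enforced'
       Pass = $mp.EnableNetworkProtection -eq 1 },
    # 4. Web protocols: legacy TLS 1.0 client disabled in SCHANNEL
    @{ Name = 'TLS 1.0 client disabled'
       Pass = (Get-RegValue "$schannel\TLS 1.0\Client" 'Enabled') -eq 0 },
    # 5. Lateral movement / recon: LLMNR name resolution disabled
    @{ Name = 'LLMNR disabled (EnableMulticast=0)'
       Pass = (Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' 'EnableMulticast') -eq 0 }
)

# One PASS/FAIL line per setting; FAIL means the baseline is not applied
foreach ($c in $checks) {
    $state = if ($c.Pass) { 'PASS' } else { 'FAIL' }
    '{0,-5} {1}' -f $state, $c.Name
}
```

Audit-only values (2) are reported as FAIL on purpose, since the post describes the features as enforced rather than merely logging.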

If you would like advice on how to make use of the native security settings in Windows or Office, we’d be happy to advise you further.