Locking the bathroom window

01 May 10

Security at the network gateway, or in the cloud itself, can improve your security posture, but if you were only allowed one sort of security solution, you'd want it to be endpoint-based, for four main reasons:

  • Endpoints are the nucleus of most malware attacks, even if the final target is not the endpoint itself.

  • Endpoints are where your confidential and encrypted data is most likely to be unscrambled for presentation.

  • Endpoints are almost always not just on your network, but inside it.

  • Endpoints are increasingly the gateway into your network for new content.

    You might disagree with the last point, but data which enters your network via a traditional gateway device might only become available when it reaches the end-user, thanks to encryption. Such data doesn't really exist (or, at least, is unrecognisable) until it is at the endpoint.

    Data files introduced to a computer via a USB key or another removable device, or files downloaded whilst a laptop is connected to someone else's network, don't pass through traditional gateway devices at all. This means they quite literally don’t ‘exist’ on your network until they first appear on the endpoint.

    Clearly, then, we need to protect endpoints in order to prevent them being owned by cybercriminals. Endpoint malware threatens not only the computer it infects, but also other computers on the network and the reputation of the organisation itself.

    This poses the questions: just what is an endpoint these days, and where does endpoint protection end?

    In the early days of malware prevention, the admittedly-annoying word ‘endpoint’ didn't exist. We just talked about PCs instead. And PCs generally excluded servers and other dedicated devices, being limited to computers running DOS or Windows, issued to individual employees as general business tools. These days, well-informed system administrators aren't so restrictive in their definition.

    Computers not running Windows, such as Macs, are endpoints, too. Sure, they are much less likely to get infected than their Windows cousins, but infection can happen. And they are perfectly capable of being Typhoid Marys, glibly passing on infections to which they themselves are immune.

    Servers, too, are endpoints – not least because they are at the end of a network cable. Often, they run an operating system that is indistinguishable at its core from the one used on laptops and PCs. And since servers generally dish out content to other devices on the network, they too can be Typhoid Marys.

    So where does this leave modern-day networked computers such as point of sale (POS) terminals, kiosks, cash registers, digital signs and the like? Are they endpoints? Or do their special purpose and their carefully-restricted user interface mean you can exclude them from malware risk analysis?

    No, you probably can’t. Increasing numbers of embedded and single-purpose computing devices are not only connected to your regular business network, but also run a core operating system which is similar or identical to the operating systems you use elsewhere. Microsoft's Windows Embedded Platform, for example, comes in a dizzying range of variants, but is very carefully advertised as: "One platform. Endless Possibilities".

    Ignoring your embedded devices is a bit like locking up your house but leaving the bathroom window open on the grounds that it's the smallest opening and the least interesting room for a burglar.

    So if you have decided not to protect your customer's embedded devices such as POS terminals and digital signs, you might want to reconsider. Sure, they generally have a lower surface area of attack than the average laptop, but they can also be the trickiest and most expensive to cure if they do become infected. And if infected, they actively threaten the rest of your network.

    Lock that bathroom window, or at least put burglar guards on it.
