Securing Authorized User Access on Windows Networks

Guest blog post

How can organizations safeguard and secure their Windows infrastructure to mitigate insider threat, ensure regulatory compliance and respond to IT emergencies?

Rahul Bhatt is a Security Consultant at LOGON Software Asia Limited, a leading independent supplier of security software to the Asian IT communities for over 10 years.

 

IT administrators spend a lot of time and effort solving technical outages, responding to information leaks and reacting to unplanned downtime. This is not however largely caused by any attacks from outside but what legitimate authorized users are doing on the inside.

So how do we help our clients meet this challenge of hardening the Windows network against these insider threats? Three key considerations are worth investigating further….

1. Network Security without compromising on portability

BYOD Security from controlling WiFi sessions

 

User monitoring poses a significant technical and operational challenge alongside key concerns over network performance and budgeting. How do we manage and enable security without compromising on the factors key to a organization – such as portability of data and the increasingly popular BOYD culture? Solutions today need to be both efficient across all session types and affordable.

2. Ensuring regulatory compliance

Many organizations today have compliance standards to ensure data and information remains protected. How do we manage and enable resources that also help an organization get compliant, especially in light of the increasingly complex business and technology environments?

For example, compliance with the Payment Card Industry (PCI) Security Standard is becoming increasingly important for all organizations that carry out credit card transactions or store credit card information. Compliance with the PCI DSS means that your systems are secure, and customers can trust you with their sensitive payment card information.

The PCI standard imposes

  • Regular information systems monitoring
  • The ability to track and monitor all access to cardholder data

Organizations that undertake such audits to comply can struggle with the implementation and maintenance of such standards. The audit asks a wide range of requirements and controls to minimize the risk to card holders data.

A webinar series for the PCI community and the general public to outline the recent proposed changes

3. Effective Responding to IT Security Incidents

Being that it is impossible to prevent all security incidents, an important component of a information technology program is how you respond to any incident. A critical part of incident handling is analyzing incident-related data and finding answers quickly and accurately to questions such as;

  • “Who was logged on the server?”
  • “Was it authenticated properly?”
  • “Where is the source of session?”
  • “I need a report of every activity on the server…!”
  • “But he is not supposed to be on the server…!”
  • “What protocol was used?”
  • “Did someone authenticated via iPad?”
  • “Was a file changed?”
  • “How can we stop it……?”

 

Previously we have come across a wide range of solutions that promise the same but as time passes, we find the most sought after security systems in our arsenal prove to be ‘a lame duck’ in the event of an incident.

A solution does exist however. IS Decisions offer software solutions that will meet compliance standards (such as the PCI requirements) and help secure an organizations Windows infrastructure.

Reporting on User Session Activity – Faster Forensics!

Having the capability to access reports on all user session activity comes as a great advantage. With UserLock and FileAudit – two solutions from IS Decisions – you can answer accurately and quickly these type of questions. It provides you with powerful security controls to respond instantly to emergency situations.

logon session history report

Enforcing User Access Policy

With UserLock organizations now have the capability to control user access by enforcing a precise and customized user policy to permit or deny logins. With the ability to disallow concurrent or multiple logins one of the most potentially dangerous situations for a Windows Network is averted.

limit concurrent sessions

Controlling and restricting user access significantly improves the security of the infrastructure helping thwart insider attacks and prevents a scenario where we have to answer the type of questions listed above.

Monitoring all Network Access

By monitoring all user access, including Wi-Fi and VPN sessions, an organization can even control their wireless networks and secure BYOD environments with UserLock.

Empowering IT to Secure User Access

Userlock seems to have empowered the system administrators to manage security and enforce stringent control over unwanted sessions and user policy.

IT can rely on UserLock to automatically control;

  • From where users can login.
  • What time window to login.
  • Can or cannot use Wifi, VPN, IIS
  • What type of sessions can be allowed.
  • What protocols can be used

UserLock & FileAudit have both proved useful in managing an important aspect of PCI compliance as well as enabling IT to achieve faster forensics to answer who, where and how it happened.

Additional Information and Details

UserLock protects the network and all the data contained within by restricting and controlling user logins according to customized user access policies. It empowers IT to track, record and automatically block all suspicious sessions. Find out more. Free 30DayTrial of UserLock.

Keeping track over who has access to data is critical. FileAudit makes monitoring, auditing and securing files and folders intuitive and easy. It significantly reduces the workload related to monitoring access to sensitive data and allows you to respond instantly to emergency situations. Find out more. Free 30Day Trial of FileAudit

Chris is Community Manager of IS Decisions, a Software Vendor specializing in Infrastructure and Security Management solutions for Microsoft Windows.