Yesterday I looked at the Consumerization of IT and the entrance of the iPhone, iPad and other consumer devices into regular rotation for accessing Enterprise Networks. The Cloud has become the great equalizer: whether it is the Private or Public Cloud, many of the things that we took for granted as needing to be installed and maintained by IT are now provided by 3rd parties “as a Service”.
When it comes to the great unsupported (and often supported) applications within the enterprise, though, there needs to be an established “sandbox” that protects the Enterprise not just from the threat of Social Networks and external hackers, but also from the well-meaning end-user who does not completely understand the risk and wants to plug into the network at the office and use some great new tool they found for free on the Interwebz.
I spoke with our Security Experts at home, and while some who read this will say that it is absolutely elementary, these are the most common security holes that are identified quickly but are also the most easily plugged:
For the IT Pro it should be commonplace to add an “accepted” MAC Address listing to the routers and switches, so that only PCs, laptops and other devices on the “White List” are able to connect to the network via an Ethernet cable. It means more work on the front end and will never completely keep an enterprising Social Hacker out of your network, but for the casual “Let’s plug in and see where this takes us” visitor it will completely lock them out. There is nothing FOSS about this, but it is baked into the most basic of consumer routers and the commercial ones I have worked with in the past.
Browser Based Apps
Despite the recent announcement of the end of the Adobe AIR Marketplace, tiny “applets” and full desktop apps written in HTML, Flash, Silverlight or Java are truly the wave of the future. Google Docs (the much talked about MS Office alternative) is nothing more than a highly evolved Browser App. So too are the apps developed in the Google Chrome App Marketplace, and the web is chock-full of free or nearly free alternatives that will run from a browser! The real question is which browser you should use to ensure that you have the correct security and usability. These apps were not all created equal and will run differently in different browsers, so use caution and test things out, but generally speaking the Browser Based App is kept in a nice neat shell that keeps it out of harm’s way.
Desktop Security Software
Many Malware and Firewall companies are now including a Sandboxing feature that protects the greater network that the device is connecting to. This layering places unknown software into a protected Sandbox so that the security and stability of the system are preserved.
Restricted Admin Rights
I know, I know: what company provides their employees with full access to their systems? But I have experienced the wrath of clients who provided even temporary access to an Admin Account and then had to spend the next several days tracking down all the instances of Conficker that invaded the network. My best recommendation to anyone out there: even if they have a “C” in their title, they are nothing more than a computer user.
Self Contained Guest Network
There are those times that guests from the outside world or employees do need to access the Enterprise Network. There are some great walkthroughs from WLAN Vendors, and the key is to set it up at the outset and keep it updated! There are even times when those same people need not only to access the internet but also to interact with files and systems within the internal network. A guest Network can be as simple or as complex as needed, and can be either Self Service or established by IT, but even more importantly, this Network access must be monitored! WiFi gets hacked; it is a fact of life, so protect the assets and CYA!
Now when it comes to getting FOSSy with your Apps in this environment, I thought I would point out some alternatives to spending the big bucks on Network Monitoring, Application Virtualization and Open Source Browsers.
FOSS Network Monitoring
Nagios remains a viable alternative to the more expensive proprietary monitoring appliances and software solutions out there. I have worked with Nagios quite extensively over the years and have always found it to be a trusted partner when building a network!
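The “accepted” MAC Address listing and the advice that network access must be monitored can be combined in a Nagios-style check that flags any device seen on the wire that is not on the list. This is an added example, not code from the original post or from the Nagios project; it assumes the monitoring host can read a Linux `/proc/net/arp`-format neighbour table, and the function names, allow-list format and sample addresses are constructed for illustration.

```python
import re
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3      # standard Nagios plugin exit codes
MAC_FORMS = re.compile(r"([0-9a-f]{2}[:-]){5}[0-9a-f]{2}|([0-9a-f]{4}\.){2}[0-9a-f]{4}")

def normalize_mac(text):
    """Canonicalise aa:bb:.., AA-BB-.. or aabb.ccdd.eeff; None if not a MAC."""
    text = text.strip().lower()
    pairs = re.findall(r"[0-9a-f]{2}", text)
    return ":".join(pairs) if MAC_FORMS.fullmatch(text) else None

def load_allow_list(text):
    """One MAC per line, '#' starts a comment; empty or malformed input raises."""
    entries = [line.split("#")[0].strip() for line in text.splitlines()]
    macs = {e: normalize_mac(e) for e in entries if e}
    bad = [e for e, mac in macs.items() if mac is None]
    if bad or not macs:
        raise ValueError(f"allow list empty or malformed: {bad}")
    return set(macs.values())

def parse_arp_table(text):
    """Parse /proc/net/arp style text into {mac: ip}; skip unresolved rows."""
    rows = (line.split() for line in text.splitlines()[1:])   # [0] is the header
    return {normalize_mac(f[3]): f[0] for f in rows           # flags 0x0 = unresolved
            if len(f) >= 6 and int(f[2], 16) != 0 and normalize_mac(f[3])}

def check(allow_text, arp_text):
    """Return (exit_code, status_line) following the Nagios plugin convention."""
    try:
        allowed = load_allow_list(allow_text)
        seen = parse_arp_table(arp_text)
    except ValueError as exc:
        return UNKNOWN, f"MACS UNKNOWN - {exc}"
    rogue = sorted(mac for mac in seen if mac not in allowed)
    perf = f"| unknown={len(rogue)} seen={len(seen)}"
    if rogue:
        detail = ", ".join(f"{mac} ({seen[mac]})" for mac in rogue)
        return CRITICAL, f"MACS CRITICAL - not on allow list: {detail} {perf}"
    return OK, f"MACS OK - {len(seen)} device(s), all on allow list {perf}"

# Constructed sample data: locally administered MACs, documentation IP range.
ALLOW = "02:00:00:aa:00:01  # desk PC\n02-00-00-AA-00-02\n0200.00aa.0003  # printer\n"
ARP = """IP address   HW type  Flags  HW address         Mask  Device
192.0.2.11   0x1      0x2    02:00:00:AA:00:03  *     eth0
192.0.2.50   0x1      0x2    02:00:00:ff:00:99  *     eth0
192.0.2.51   0x1      0x0    00:00:00:00:00:00  *     eth0"""

if __name__ == "__main__":
    code, status = check(ALLOW, ARP)
    print(status)
    raise SystemExit(code)
```

An ARP cache only shows devices the monitoring host has recently exchanged traffic with on its own segment, so a check like this complements the allow list enforced on the switch rather than replacing it.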
For the overprotective, Application Virtualization is a way to know what is going where and when, but there are some solid Open Source Clients out there…even from the king of Virtualization – VMware! Other alternatives can be found here.
Open Source Browsers
Firefox reigns supreme as an Open Source Browser, and there are alternatives, but it will still boil down to whether or not the IT department will support the rapid development process that generally accompanies an Open Source Project (full upgrade releases every 6 months or less in some cases are a huge pain for compatibility testing and security checks). Google Chrome is based on the Open Source Chromium Project, so it can be included here.
As always, it has been a pleasure but it is time to hit the bricks!
Chris J Powell