Assessing the security of desktops, laptops and servers
Over the past decade, the desktop PC and its close relative, the laptop, have become synonymous with work. Alas, in far too many organisations they have also become recognised as being as secure and trustworthy as the promise of a politician just before an election. It is neither impossible to manage PCs well nor is it now difficult to assess just how secure is each device.
The potential security risk posed by PCs and laptops used in enterprises large and small is well known. Such systems are frequently the target of malicious code such as worms and have long been exploited by e-mail virus codes and, more latterly, their Internet cousins. With the number of PCs in use going up day by day such platforms need to be managed effectively both to ensure that they operate well and to minimise the risk exposure that they can represent.
Last week AppSense, a supplier of security solutions, announced the release of the AppSense Security Analyzer, a tool designed to help organisations assess the security health of their computing end points. It is worthwhile noting that as well as assessing the security of PCs and laptops the software can also target server systems. Of even more import, organisations can make use of the Security Analyzer without charge.
AppSense Security Analyzer works by simply attempting to undertake a wide range of actions on the target platform without causing any user disruption. For example, the analyzer seeks to run new code on the platform by creating and executing a .vbs (script) file, running the “ipconfig” command along with adding or modifying registry keys. Following the tests the software produces a clear report indicating the security of each system.
Whilst the Security Analyzer does nothing on its own to enhance the security of systems there is absolutely no doubt that the software can supply accurate information highlighting where efforts need to focus to enhance the overall security of the platforms scanned. After all, without having any simple means of assessing the security of platforms it is highly unlikely that security efforts can be optimised. In fact it is probably fair to say that unless an organisation is prepared to undertake the measurement of baseline system security that it is even less likely to seek to do anything at all. Ignorance of the state of IT affairs and deployment rarely equals bliss; in these areas more often than not ignorance leads to disaster or at least to considerable pain.
The AppSense Security Analyzer is a tool worth considering in order to establish an operational security baseline. However, the next step will be to take any actions necessary to ensure that system security for each platform is at the level desired and required by the organisation. This means putting in place effective IT and people management processes and, almost certainly, effective education for all users of IT systems.