Q&A on IT/HR collaboration with Volodymyr Styran

VPN Haus spoke with Volodymyr Styran, a security expert, about ways IT professionals can work more closely with HR on issues like provisioning. VPN Haus has long advocated for IT departments to make user provisioning a higher priority, and Styran has some ideas on how this collaboration can be turned into reality.

VPN Haus: Let’s start with basic tampering. How can IT administrators prevent users, especially ones who are tech-savvy themselves, from tampering with settings?

Styran: I’d suggest application of strong organizational policies and thorough logging of user actions. Changes to local policies are usually reflected in [programs like] Eventlog. Collect it centrally in a separate log management facility, review the logs regularly, and follow up the findings via disciplinary action. This may sound a bit aggressive, and is rather reactive than preventive, but in my opinion this is the most effective approach.

VPN Haus: What’s the greatest enforcement challenge?

Styran: The greatest enforcement challenge is making HR execute disciplinary action. Punishing is not their favorite part of the job, because it affects image… So, when it comes to HR, one has to present and explain every bit of risk and harm introduced by a violation. And all this definitely makes little sense unless strong administrative policies are established beforehand.

VPN Haus: Can you provide 3–5 tips on how IT departments could work more closely with HR to foster better communication between the departments?

Styran: Sure.
– Be friendly, while being firm when needed.
– Make it formal, while maintaining good relationships. Write your policies firm and strict, but socialize with HR in a positive manner.
– Pay...

Ready or Not, IPv6 Security Threats are Coming

There’s a simple math problem causing quite a lot of pain for companies who use the Internet. Here’s the math: seven billion does not equal four billion. As simple as this statement is, the complexity it creates is staggering. IPv4 represents the smaller sum. The solution, of course, is IPv6 with its 128-bit address scheme, compared to the 32-bit predecessor. That equates roughly to 3.4×10^38 unique addresses, enough to cover the seven billion people on the planet today and more than enough to substantially future-proof the protocol until we’re all well done and gone.

The security threat for companies in this situation lies in how to update all the technology to reflect the inevitable shift to IPv6. This includes all the technology they rely on that runs, processes or navigates any Internet data stream.

First, let’s cover the baked-in security of the IPv6 protocol stack. In simple terms, the major difference is section RFC4601, which mandates use of IPsec for all nodes – something available for IPv4, but not required. The large address space in IPv6 safeguards against port scanning. Again, there’s math here that Samuel Sotillo details in his East Carolina University paper. Changes to the authentication header; encapsulating security payload, transport and tunnel modes; protocol negotiation and key exchange; and neighbor discovery and address auto-configuration further improve security.

Defcon speaker Sam Bowne warns the industry that IPv6 adoption will likely cause “severe security headaches” because IT professionals haven’t really dug into the issue yet, as it’s not widely adopted today. What is happening today is a slow rollout – or a dual-stack environment – where both v4 and v6...

What We're Reading, Week of 8/9

Computerworld, Five Windows 7 Security Features that Businesses Need to Know About
CSO, Workarounds: 5 Ways Employees Try To Access Restricted Sites
Dark Reading, Flawed Deployments Undermine Kerberos Security
InfoSecurity, A Clear Future for a Cloudy Concept: Importance of a Strong VPN
SC Magazine, BBC Experiments With Mobile Spyware As It Creates And Tests A Malicious Application
SearchEnterpriseWAN.com, Knowing When To Outsource VPN Services