2. 2
Agenda
» Day 1: Social Engineering
» Day 2: Unauthorized USB Access & Data Loss
» Day 3: Boisterous Network Users
» Day 4: Resetting Passwords
» Day 5: Risks with Unpatched Applications
» 5 Tips to Reduce User Administration on your FTP Server
» Top 10 Online Security Tips
2
3. 3
Day 1: Social Engineering
» Social engineering is a human hacking tactic, that
involves unsuspected social engineers who take
advantage of the gullible nature to extract
information such as credentials, access codes,
financial and trade secrets, and any other sensitive
data that the victim is privy to.
» Tips to Stay Secure:
• Be aware of social engineering attacks. Educate your
peers, employees and friends.
• Do not divulge personal information and company
data to any untrusted source, however convincing and
genuine it may look.
• If you are suspicious of any person or specific email,
report the case to your organizational authorities and
IT security teams.
SOLARWINDS SECURITY WEEK
Learn more on Social
Engineering >>
4. 4
Day 2: Unauthorized USB Access & Data Loss
» It refers to the loss of sensitive/confidential
information owing to usage of USB drives
and other mass storage media
» Tips to Stay Secure:
• Set up access rules & policies so only
authorized employees have USB access
• Ensure to remove sensitive information
access from employees once the purpose of
using the information is fulfilled
• Do not leave old or unattended data on end-
user systems
• Build strong BYOD usage policy and disallow
using employee-owned handheld devices as
mass storage devices for data transfer
• Monitor the log activity of all your enterprise
workstations and USB endpoints
Learn more on USB
Security threats >>
SOLARWINDS SECURITY WEEK
5. 5
Day 3: Boisterous Network Users
» On this day, we discussed about unruly users
taking advantage and indulging in malicious
network activities
» Tips to Stay Secure:
• Create means to know who and what connects to
your network
• Keep a watch on suspicious devices in the
network
• Build alerting methods and quickly pull out
information to locate a device
• Restrict and monitor Wi-Fi access
• Maintain data to track device usage history
• Set-up mechanisms to immediately detect and
remediate rogue
SOLARWINDS SECURITY WEEK
eBook: 3 Simple Steps to take
charge of Your Network Access
Security >>
Whitepaper: Detecting and
Preventing Rogue Devices >>
6. 6
Day 4: Resetting Passwords
» Even though it’s simple to reset a user account
password, for an IT administrator like you, who has a
ton of other critical stuff to do, it takes time. And, it’s
definitely no fun at all considering the number of help
desk tickets that you resolve for this task each day.
» Tips to Stay Secure:
• Set up automatic password change reminders that
prompt the end-users in advance of password expiry.
• Provide self-service options to end-users to reset
password using a Web interface.
• Have KB articles built into your help desk software so
that the user gets tips to reset the password on their
own.
• Institute an automated system in place that can help
reset AD password automatically when a user is locked
out of their account.
SOLARWINDS SECURITY WEEK
Whitepaper: Monitor
User Logon Actions >>
7. 7
Day 5: Risks with Unpatched Applications
» There are several reasons, why it’s tough for IT
admins to achieve patch remediation smoothly
and one among those is surprisingly the users
themselves, who never show the lightest of
interests to keep their systems and third-party
applications patched and updated to the latest
versions.
» Tips to Stay Secure
• Auditing systems for identifying missing patches
and vulnerable systems
• Deploying updates systematically in order to
eliminate application vulnerabilities in your
endpoints.
• Automating the patch management process to
ensure the operating systems and third-party
applications are patched in a timely fashion.
SOLARWINDS SECURITY WEEK
Learn more on Mitigating the risks
of Unpatched Applications >>
8. 8
5 Tips to Reduce User Administration on your
FTP Server
1. Authenticate Company Employees Through Active Directory
2. Authenticate External Partners Through a DB Connection
3. Allow End Users to Change Their Own Passwords
4. Send Password Expiration Notifications via Email
5. Allow End Users to Trigger Their Own Password Reminders
DO YOU HAVE OTHER SECURITY CHALLENGES?
• Be sure to check out SolarWinds Security site, or leave your thoughts and comments
below.
SOLARWINDS SECURITY WEEK
9. 9
Top 10 Online Security Tips
1. Don't be Over-Trusting!
2. Strengthen Passwords
3. Beware of Phishing & Malware Sites
4. Keep an Eye Out for Website Certificates
5. Insecure File Sharing: A Vulnerability Gateway
6. Dangers of Insecure Wi-Fi & Unsafe Public Networks
7. Be Discreet with Social Engineering Sites
8. Remove Unused Software, Browser Plug-ins & Extensions
9. Keep Browsers, Third-party Apps & Operating System Up to Date
10. Ensure Your VoIP Communication is Foolproof
SOLARWINDS SECURITY WEEK