Enterprise 2.0

Web 2.0 security measure checklist


With the proliferation of Web 2.0 technologies, networking has undergone a paradigm shift, and so have the threats to the workplace. As more and more people take to the social networking space, more and more data becomes available to hackers for targeting their attacks. Read this early story at News.com for a glimpse of personalized attacks.

In this context, I am reproducing the list of measures mentioned at TechNewsWorld.com. The list is divided into three sub-classes of measures.

Basic steps to strengthen defenses in a Web 2.0 world include the following:

  • Continued Education of Computer Users
    • Don't click on strange links (avoid tempt-to-click attacks)
    • Do not release personal information online
    • Use caution with IM and SMS (short message service)
    • Avoid social networking sites
    • Don't e-mail sensitive information
    • Don't hit "reply" to a received e-mail containing sensitive information
    • Require mandatory VPN (virtual private network) use over wireless networks
  • Host-Based Technology
    • Require hard drive encryption on all laptops
    • Control the use of portable storage media by managing desktops
    • Require the use of personal/desktop firewall software
    • Require the use of personal/desktop anti-malware software
    • Consider implementing document management systems
  • Network-Based Technology
    • Deploy network intrusion prevention (IPS)
    • Consider network admission control (NAC)
    • Implement information leakage detection and prevention
    • Consider IP reputation-based pre-filtering solutions

How does your enterprise's security measure up to the list here?

2 comments
john

If there was ever a time or place to consider thin client computing, it is with the emergence of Web 2.0 within the enterprise. With the advantage of no availability to store new information on a local hard drive on thin clients and data from Web sessions being saved to the server, effort and dollars relative to security of the enterprise can be focused at the server level. With SaaS becoming a widely accepted concept and cellular broadband communications becoming more affordable in the future, the necessity of even the fat client laptop will fade over time. Thin client mobile devices appear to be a part of the new paradigm where security trumps mobile independent productivity in the long run.

pr.arun

How does your enterprise measure up in the checklist of Web 2.0 security measures?