How to improve security

How to improve security

Enforce the basics. Look for easy ways to do more. Fully exploit the technology you have.

General tips

Let’s take the existence of a security plan, budget and responsible managers for granted. Let’s also assume that you’ve got the basics, such as anti-virus, intrusion detection, firewalls etc., covered. Here are some general tips and suggestions that might be useful add-ons:

• Make sure you’ve covered the basics. Every institutions’ security plan will include the basics but it is worth revisiting them and checking that they are still fit for purpose. They include anti-virus, firewalls and software updates on client machines and boundary firewalls as well as server anti-virus, intrusion detection, access controls and physical security. For more details, download the UCISA ICT Security Checklist:
  (www.ucisa.ac.uk/publications ).
  
  
• Control rogue wireless networks. It is very easy to set up an unmanaged wireless network – simply plugging a wireless access point to an existing network socket will do it. Make sure everyone understands the security implications involved and, if appropriate, ban the use of unmanaged access points.
  
  
• Get advice, alerts and warnings. The government’s Centre for the Protection of National Infrastructure (www.cpni.gov.uk ) has detailed advice about physical security and it also issues regular IT security alerts via an RSS feed.
  
  
• Audit your resources. Most security plans start with an audit of risks and assets to protect. Don’t forget to audit your resources – the things that can help. For example, you might be able to use student organisations to communicate security advice or you might have access to software licences (bundled with new hardware) that you aren’t using.
  
  
• Review your standard disk image. HP computers come with a range of HP ProtectTools security software. Rather than automatically installing a generic disk image, consider incorporating some of these tools into your standard image. Many of the tools have their origins in third-party software that you can also install on non-HP kit. Of course, switching to an all-HP fleet simplifies the problem even further.
  
  
• Consider open source solutions. For example (and this is not a recommendation), you might consider using an open source anti-virus program, such as ClamWin, on PCs and notebooks.
  
  
• Free advice for students. The government’s Get Safe Online website
  (www.getsafeonline.org ) has useful IT security advice for students and end-users. You could link to it from your own website or use it as a resource for helping students address security concerns.

How HP can help

HP computers and thin clients have a range of built-in features that enhance security. However, we find that colleges and universities often fail to take advantage of the technology they have paid for. A typical example is buying PCs with Intel® vPro™ technology but not enabling the management software to use it. This section looks at some of the resources and technology available from HP and how to get the most out of it. Of course, the more HP kit you have and the more widely deployed Intel® vPro™ technology is, the easier life becomes.

• Control access to sensitive data using remote clients. Switching to HP Remote Client Solutions and HP Thin Clients leaves no data at all on the thin client. Even if a terminal or HP Mobile Thin Client is stolen, there is no data on it to be compromised. Instead, everything is stored on well-managed, properly backed-up central file servers.
  
  
• Prevent data loss with conventional PCs. HP ProtectTools software can reduce the risk of data loss. The suite includes HP Credential Manager and HP Authentication Services (to manage logins), HP Device Manager (prevents copying to removable media) and HP DriveLock (whole disk encryption). There is also a version of HP ProtectTools for Windows Mobile devices, such as iPAQs, which can make them more secure and manageable. When it comes to recycling, HP Disk Sanitizer is built into the BIOS so you can securely erase all the data on a PC before handing it over. Combined with fingerprint scanners or smart card readers, HP hardware and bundled HP ProtectTools software can make the job of managing security much easier.
  
  
• Reduce the pain of laptop loss. Academics and admin staff want flexibility, and notebook PCs let them work wherever they want. But laptops get lost – it is inevitable. The important thing is to prevent thieves accessing the data stored on them. HP Mobile Thin Clients give you a remote client alternative to conventional laptops. Using Wi-Fi or (optionally) 3G Mobile Broadband to connect to a remote client, they have no local data. For conventional notebooks, HP DriveLock provides whole-disk encryption.
  
  
• Protect against malware. HP computers that feature Intel® vPro™ technology have an extra line of defence against malware. The technology includes programmable hardware network filters that scan incoming and outgoing network traffic for viruses. Hardware network control can isolate an infected computer while leaving open a secure channel for administrators to fix the problem by remote control.
  
  
• Simpler management. HP ProtectTools and Intel® vPro™ technology integrate well with HP OpenView management software. Intel® vPro™ technology can warn systems administrators if management software is deleted or disabled and, of course, it makes it easier to fix many problems by remote control. This is especially valuable on wide campuses where desk-side technical support requires a long journey from the IT department. Its ability to control power settings remotely makes it easier to install security patches and updates across a large estate.