2011 April 4 by Hardened I.T.
Believe it or not there is a way to perfectly secure your systems. But before we can answer how to do this we must define what is meant by “perfectly secured”. Perfectly is an absolute condition meaning without exception. If we are going to secure a system to that perfect standard, then we have to remove all possibilities of any access by unwanted individuals or processes. The only way to meet this perfectly secured standard is to power the system off. A perfectly secured system is one that is powered off. This is obviously just plain silly. Or is it? Think about this. A system that is powered off is both secure and green. More about this later.
We all know that powering off our systems is not an option. It defeats the purpose for having the systems in the first place. So this means we must take all reasonable and appropriate measures to prevent our systems from being compromised by hackers, viruses, and other malicious processes that are out there. These measures will be different based on the specific application and environment. For example, in an industrial controls environment, it may be practical to isolate the systems on a network that has no external access whatsoever. However, a web based system by its very nature requires connectivity.
In addition to those reasonable and appropriate measures we must define plans and procedures to prepare for the event that our measures have been circumvented. This just means we should know ahead of time what we are going to do when our systems have been compromised. The most important piece of this is a properly implemented and tested backup and recovery procedure. We can not stress enough the importance of testing the recovery side of our backup procedures. This includes recovering when your backup system too has been compromised.
Now back to the powered off perfectly secured system. We all know that we should turn our workstations off when they are not in use. We do this mainly to conserve power. However, when our workstations are powered off, they are secure during that state. With thin client technology, we have the option to virtualize our workstations (VDI – Virtual Desktop Infrastructure). Thin Client Management Systems offer the ability to power on and off the virtual Desktop as the Thin Client is powered on and off. This functionality offers greater resource utilization on the Virtual Hosts therefore providing a greener and of course a more secure overall solution.
While it may be fine to power off workstations, in most applications it is not an option for our server based systems. So we must do what we can to prevent our systems from being compromised. We must balance the risk with requirements. The key is determining what risk is acceptable and what risk is not. Budget is always an issue but that should not be the driving factor for our security measures.
Contact us – We would love the opportunity to help you secure your I.T. Systems