Egress Switch Best Practice Security Guide V4.x



Similar documents
Egress Switch Client Deployment Guide V4.x

How to Encrypt Files Containing Sensitive Data (using 7zip software or Microsoft password protection) How to Create Strong Passwords

Egress Switch Reader. User Guide 2.3

Egress Switch Client User Guide V4.x

Egress Switch Administration Panel. User Guide

Infocomm Sec rity is incomplete without U Be aware,

BANKING SECURITY and COMPLIANCE

Cloud Services. Anti-Spam. Admin Guide

UMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE

IT Security DO s and DON Ts

The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015.

Data Access Request Service

A practical guide to IT security

How to access and reply to an Egress Switch Secure free of charge. Opening a Switch Secure New User

Small businesses: What you need to know about cyber security

Information Security Policy. Policy and Procedures

Procedure Title: TennDent HIPAA Security Awareness and Training

Managed Hosting & Datacentre PCI DSS v2.0 Obligations

Network Security Policy

Common Cyber Threats. Common cyber threats include:

UNCLASSIFIED CPA SECURITY CHARACTERISTIC REMOTE DESKTOP. Version 1.0. Crown Copyright 2011 All Rights Reserved

Information Security

The Ministry of Information & Communication Technology MICT

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

A Rackspace White Paper Spring 2010

Malware & Botnets. Botnets

Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite.

DATA SECURITY HACKS, HIPAA AND HUMAN RISKS

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

The Key to Secure Online Financial Transactions

Cyber Essentials Scheme

ENISA s ten security awareness good practices July 09

DOBUS And SBL Cloud Services Brochure

Specific recommendations

Nessus Agents. October 2015

74% 96 Action Items. Compliance

NETWORK AND INTERNET SECURITY POLICY STATEMENT

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

University of Pittsburgh Security Assessment Questionnaire (v1.5)


Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

How to complete the Secure Internet Site Declaration (SISD) form

Sticky Password 7. Sticky Password 7 is the latest, most advanced, portable, cross platform version of the powerful yet

ICT OPERATING SYSTEM SECURITY CONTROLS POLICY

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Cyber Essentials Questionnaire

Use of The Information Services Active Directory Service (AD) Code of Practice

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

LIVE CHAT CLOUD SECURITY Everything you need to know about live chat and communicating with your customers securely

NATIONAL CYBER SECURITY AWARENESS MONTH

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

FileCloud Security FAQ

Data Management Policies. Sage ERP Online

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

University of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template

Dene Community School of Technology Staff Acceptable Use Policy

Information Security Guide for Students

HMRC Secure Electronic Transfer (SET)

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Cyber Security for Start-ups: An Affordable 10-Step Plan

National Cyber Security Month 2015: Daily Security Awareness Tips

Implementation Guide

Secure Cross Border File Protection & Sharing for Enterprise Product Brief CRYPTOMILL INC

Security Guide for the BD Remote Instrument Support Solution BD Biosciences workstations

NetWrix Privileged Account Manager Version 4.0 Quick Start Guide

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

PASSWORD MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

FormFire Application and IT Security. White Paper

Senaca Shield Presents 10 Top Tip For Small Business Cyber Security

Securing your Microsoft Internet Information Services (MS IIS) Web Server with a thawte Digital Certificate thawte thawte thawte thawte thawte 10.

A Guide to Information Technology Security in Trinity College Dublin

Boston University Security Awareness. What you need to know to keep information safe and secure

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

How to Use Windows Firewall With User Account Control (UAC)

Cyber Self Assessment

Alert (TA14-212A) Backoff Point-of-Sale Malware

USM IT Security Council Guide for Security Event Logging. Version 1.1

Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security

Central Agency for Information Technology

CYBERSECURITY POLICY

NOS for IT User and Application Specialist. IT Security (ESKITU04) November 2014 V1.0

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

How To Protect Yourself Online

Guideline on Auditing and Log Management

White Paper. BD Assurity Linc Software Security. Overview

Securing your Online Data Transfer with SSL

Transcription:

Egress Switch Best Practice Security Guide V4.x www.egress.com 2007-2013 Egress Software Technologies Ltd

Table of Contents Introduction... 4 Best Practice Installation... 4 System Administrators... 5 Audit Analysis... 5 Key Management... 5 End Users... 6 Password Security... 6 Keys to password strength: length and complexity... 7 Protect your passwords from prying eyes... 7 Common password pitfalls to avoid... 7 Uninstallation (Disposal & Destruction)... 7 Switch Support Center... 9 Useful Contact Information:... 10 Egress Software Technologies Ltd Page 2

Introduction Egress Switch is a simple to use data security solution that allows an information owner to package their sensitive information on any type of media (file attachment to email, CD/DVD, USB stick or drive, FTP site, cloud storage, etc.). The secured information, once packaged can be sent to a recipient either electronically (e.g. email, web, FTP/HTTP etc) or physically (e.g. in-person, mail, etc). The owner can specify security policies independent of the package through a web-based system. Egress Switch also provides an extensive audit trail showing who, where and when information has been accessed as well as unauthorised access attempts. This real time identity based protection enables businesses to extend their visibility over what actually happens to corporate information, while offering the ability to instantly revoke data that is mishandled or suspected lost/stolen. Egress Software Technologies Ltd Page 3

Introduction This document is designed as a guide to implementing and maintaining an Egress Switch secure data exchange infrastructure covering best practice security recommendatory and mandatory policy. Best Practice Installation The following section covers best practice deployment recommendations for the Egress Server Infrastructure, Switch Gateway and Switch Client software. The following guidelines will ensure high levels of security and resilience are maintained. Software Updates Egress Software issue regular software updates to all applications. It is recommended that you ensure that the latest updates are applied routinely where possible. In addition any critical security hot fixes should be applied as a matter of urgency. It is recommended that system administrators subscribe to the Egress 'product updates and service notification' service from within their Switch ID account settings. Please also ensure that all updates are only ever received via an authorised Egress source including http://support.egress.com. Thorough testing should be performed before applying any updates and these will never be applied automatically. Operating System Service Packs & Hot fixes Ensure that all workstations and servers are running the latest service packs and hot fixes from Microsoft. Egress software issue security bulletins and updates to the core installers to ensure that any security relevant updates are applied. Signature verification For MS Windows operating systems it is recommended that signature verification is enabled for applications, services and drivers in the host operating system. For further information please visit the Microsoft web site. Enable Address space layout randomization (ASLR) ASLR is enabled by default in Windows operating systems since Windows Vista. It is recommended that ASLR is enabled for enhanced system security. All Egress Switch components are ASLR friendly and will use the technology if supported by the operating system. Anti-Virus/Anti-Malware Software Ensure that all workstations and servers have up to data Anti-virus software with the latest malware definitions and libraries. Egress Software Technologies Ltd Page 4

Authentication Safeguards Appropriate operating system security must exist on all desktops and servers before Egress Switch is deployed. This includes but is not limited to correct implementation of operating system access controls, network privileges and physical security. Certificates Dependent on configuration, certificates maybe required as part of the core Egress Switch infrastructure installation. Certificates should only be obtained from authorised certificate authorities. System Administrators System administrators of the Egress Switch Infrastructure should receive appropriate training from Egress Software or an authorised partner. Training will cover the following tasks: Day to day management of the Egress Server Infrastructure and Switch Gateway User management including enrolment, deletion and permission changes Policy management Fault finding and log analysis Deployment and management of Switch client software All system administrator actions including policy modifications and user actions are audited and tamper proof. Audit Analysis The Egress Switch Server Infrastructure, Switch Gateway, and Switch Client apps maintain detailed audit logs of security related events, system internal events and performance information. System administrators should perform regular reviews of the audit logs for unexpected events and action investigations accordingly. This should also cover suspected tampering and security related incidents. Key Management Egress Switch uses an advanced key management system utilising AES 256 bit data encryption and SSL authentication. While most key management procedures are performed automatically by the core software there may be requirements for authorised system administrators to perform certain tasks. Egress Software Technologies Ltd Page 5

Egress Switch does not issue asymmetric keys to users but instead uses AES encryption and integrity validation, with pseudo-random keys issued for individual packages. The keys for existing packages can be revoked by sender and/or system administrator using the management interface. User management is performed by authorised system administrators using the Switch Management interface. Procedures should be implemented to control user enrolment, user expiration, deletion and revocation of secure information. Secrets, such as database encryption keys, passwords used by services components, and other long term secrets, are stored by all Switch Server components and Gateway in keychain.xml file. Using the keychain utility provided, system administrator may add new encryption keys when the existing keys are at the end of their service life or in the event of potential compromise. End Users The Egress Switch client software has been designed to integrate with existing systems and applications without the requirement for elevated system privileges. Egress Switch will be seamlessly integrated with existing business processes and applications. It is however recommended that end user receive a basic level of training on how to send secure email and files covering best practice and how to spot potential security vulnerabilities. Egress Software provide a number of user guides, frequently asked questions and useful video tutorials http://www.egress.com/support/. It is recommended that organisations also embrace their own tailored training and awareness campaigns prior to deployment to spot potential security threats like suspicious emails, phishing attacks and system malfunction. It should be ensured that users have the minimum level of privileges to perform their tasks. Clear procedural documentation should be provided to all users detailing how security awareness, how to use the software and how to spot potential security problems/breaches. Clear direction should be given as to how security incidents should be reported and audited. Password Security Passwords are required in various components of both the Egress Switch core infrastructure setup (service accounts etc) and in general use by users of the system to secure Switch IDs. Egress Software Technologies Ltd Page 6

Strong passwords should be used, and be mandated in the Egress Server Infrastructure policy, according to the following guidelines: Keys to password strength: length and complexity An ideal password is long and has letters, punctuation, symbols, and numbers. Whenever possible, use eight characters or more. Don't use the same password for everything. Cybercriminals steal passwords on websites with very little security, and then they try to use that same password and user name in more secure environments, such as banking websites. Change your passwords often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months. The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2." Use the entire keyboard, not just the letters and characters you use or see most often. Protect your passwords from prying eyes The easiest way to "remember" passwords is to write them down. It is okay to write passwords down, but keep the written passwords in a secure place. Common password pitfalls to avoid Cyber criminals use sophisticated tools that can rapidly decipher passwords. Avoid creating passwords that use: Dictionary words in any language. Words spelled backwards, common misspellings, and abbreviations. Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty). Personal information. Your name, birthday, driver's license, passport number, or similar information. Uninstallation (Disposal & Destruction) In the event that you need to uninstall Egress Switch software, careful consideration should be given to decommissioning the various components. Egress Software Technologies Ltd Page 7

Egress Switch Server Infrastructure: The Egress Switch Server Infrastructure is the core component for a Switch Installation. The server infrastructure holds key encryption data, policies and user credentials. While all data is stored in encrypted format consideration should be given to appropriate end of life decommissioning. An uninstall can be performed from Add/Remove Programs/Program Features that will securely remove the complete infrastructure. Important Note: The Uninstallation of Egress Server Infrastructure cannot be reversed so please proceed with caution and ensure appropriate data backups have been performed and checked. Egress Switch Gateway: The Egress Switch Gateway can be uninstalled using Add/Remove Programs/Program Features. As Switch Gateway does not hold persistent encryption keys this can be uninstalled securely and reinstalled if necessary. Egress Switch Client: The Egress Switch client can be uninstalled cleanly and securely using Add/Remove Programs/Program Features. Egress Software Technologies Ltd Page 8

Switch Support Center Should you encounter any problems with Egress Switch please visit the Egress Software Technologies Ltd Support Center www.egress.com/support. Egress Software Technologies Ltd Page 9

Useful Contact Information: Egress Main Switchboard: +44 (0)207 624 8500 Egress Fax: Egress Website Address: Egress Sales: Account Services: Support: Follow Egress Online: +44 (0)207 624 8200 http://www.egress.com sales@egress.com accountservices@egress.com support@egress.com Twitter Facebook LinkedIn Egress Blog Egress Software Technologies Ltd Page 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information