Application Security: part 1
Early this year, the A-Team challenged us all in regard to application security and what it actually means to be secure on the internet. Going into this topic, we thought it would be rather straightforward and quick to respond with a series of “To-do” topics and “Best Practices”. While those posts are important, we also need to understand the current trends and where technology may be taking us. Furthermore, not knowing which direction the community would take us in terms of questions and suggestions, it became clear that many followers treated being secure on their computer as an assumption rather than a practice. Clients and prospects alike have engaged Antares to help them better understand what it means to be secure within their individual networks and, more specifically, “how is my site protected?”. Combined with the many recent security breaches, bringing additional awareness to this growing issue is relevant.
You may or may not receive a prompt to update your current version, but let us remind you: Java Powers Our Digital World. Software, literally, is everywhere. It is probably safe to say that we often forget the technology is even there. A quick exercise: right now, wherever you are, consider what the critical driving force is behind the things around you. Certainly electricity is, but how are all of those electronic gadgets around you actually doing something? The pointed answer is the many applications, software modules, and lines of code all designed to make things do stuff. Remembering to update your system applications is critical to help mitigate known vulnerabilities and hacks.
Regardless of the operating system you use, it is imperative to keep the core system updated as recommended. Many enterprise systems have dedicated IT teams and regulations in place to ensure that updates are provided when appropriate. These teams push updates to the connected operating systems via approved internal processes that include testing of critical updates and review and testing of suggested updates. If your situation is not as complex and you are using a modern operating system, updates become an automated event and are applied on shutdown or on a schedule. Otherwise, it is best to monitor your operating system’s update catalogs to identify release schedules, patches, critical updates and more to apply to your system. For Microsoft, one example is the Microsoft Update Catalog, available on the web.
Yes, we can still assume that many of you are using browsers for web traffic. Just joking, but on a serious note, to be completely transparent and fair to the topic at hand, we must understand that we are no longer in an era where we can afford to assume the applications on our computers are safe to use. Did you know that, according to Microsoft’s worldwide lead for cybersecurity, Chris Jackson, the Internet Explorer (IE) application is actually considered a ‘compatibility solution’ for users to interact with legacy systems? Furthermore, such use within an enterprise environment should be avoided, and modern browsers chosen over IE when connecting to modern web applications. This will be a hard challenge for many to implement; however, Antares encourages the use of Chrome with all of our clients as it provides a simple way to interact with the web. Chrome also provides efficient, automatic updates to the application, which helps safeguard against known and emerging web vulnerabilities. If Chrome is not to your fancy, there are indeed other modern browsers worth evaluating. By monitoring the Can I Use site, you may find that a particular browser is more secure or even offers features that are most important to you and worth trying. Let us know your thoughts on which modern browser you use and why.
Every user of a system is a potential risk. Humans are prone to error, and thus we need to help safeguard our environments. Through the years, data has been protected by read/write permissions, and hard deletes were often replaced with soft deletes and other elaborate processes. As an added benefit, this also helps protect against unauthorized data access and manipulation. We can elaborate more on this and implement version tracking per file, data backup policies and more to help preserve our data. Furthermore, we learned that it was important to create user identities complete with user accounts, passwords, two-factor authentication and more. Today, we can implement biometric technologies to authenticate our system users and more. Regardless of the scenario, we advise all of our clients to have a solid security system in place and adhere to it. What does this mean? For starters, enforce a password policy on all system accounts. Users should have unique passwords that … yes … expire. Modern browsers have utilities that help ensure passwords are created using strong algorithms and follow best practices, and that remind users to update or stop using the same password for ‘everything’. Again, we must be proactive to help mitigate risk.