Managing and Securing Endpoints Bruce Hotte Chief Information Officer Jeff Swan Network Supervisor  The definition of “endpoint” used to be simple: a desktop workstation. But today’s environment is far more complex. Laptops, mobile devices, teleworking, outsourcing – all of these add tremendous complexity to the challenge of keeping systems and data secure. This session looks at the latest strategies and solutions being used in the public sector.

 1– Protecting Data on Desktop and Tracking ◦ - Virus Protection ◦ - Firewalls ◦ - Desktop Protection ◦ - Encryption  2 – Protection  3 – Why?

 - Enterprise Virus Protection  Why important?  ePolicy Orchestrater  Benefit to Agency and our Local Health Department’s workstations and servers.  Centralized notification of virus outbreaks, out of date clients, definition files and rogue systems (computers with no anti-virus client). -Update Process  Each day at 6:00 AM to download to Server.  Workstations and servers then connect to the ePO server each day to obtain update, if needed.

- Importance of firewall. - Many options. - We went with Windows Defender and Windows Firewall for spyware blocking and protection as we moved to Windows Vista.

 Why protect more?  Remote Staff  Stolen or missing Equipment  Asset Management  Software Management  Cost  Computrace helps combat the security risks associated with computing assets, and the asset management challenges they pose.  Recovery protection  Remote kill

 Absolute Software’s product line is based on the patented Computrace Technology Platform.  This client/server architecture provides secure, client- initiated IP-based communications between the Computrace Agent and the Monitoring Center.  The Computrace agent resides on the hard drive, or, ideally embedded in the Basic Input Output System (BIOS) or firmware of the host computer.

 - Compliance – Adherence to all applicable mobile data protection regulations, with an easily accessible audit trail  - Protection – Protecting data on mobile computers includes encryption, strong authentication and the ability to remotely delete sensitive data on stolen devices  - Recovery – Recovery of lost or stolen devices returns them to the control of the organization and facilitates prosecution.  By adopting the CPR approach to laptop security, government agencies can minimize the impact of computer theft, while complying with privacy regulations.

 - Protect data on your pc’s, laptops and external devices.  Mandated by Executive Order  Sensitive data  SafeBoot – How did we do it.  Used SafeBoot AutoBoot\AutoLogin method to get started and protected quickly.  Deployed through Windows Group Policy.  Beginning to move toward SSO and Content Encryption.  Put less data on Laptops. Do more work in the Data Center. Citrix is a possible solution. This is a very important when you discuss DR and teleworking.

 Why important?  What is the only application that everybody uses?  GFI MailSecurity is a comprehensive content checking and anti-virus solution to safeguard your mail server and network. GFI MailSecurity acts as an firewall and protects you from viruses, exploits and threats, as well as attacks targeted at your organization.  GFI MailEssentials is an enterprise level anti-spam solution. GFI MailEssentials offers spam protection at server level and eliminates the need to install and update anti-spam software on each desktop. This tool is and will always be very important to the Agency in protecting us from Spam, which some say may become worse than viruses. 

 We received a total of 477,288 pieces of mail from until Of those, 1,786 were virus and attachment blocks and 335,109 were spam. Legitimate mail delivered to users was 140,393. These numbers indicate that 78% of the received was blocked due to spam and viruses.  Will you be able to stop all spam?  Can you avoid Spam?

 Why important:  HIPAA  Sensitive Data  - ZIXVPM (Virtual Private Messaging) applies encryption to sensitive outbound . The ZIXVPM device to examines and automatically encrypts that meets a predefined set of criteria.  - We are using ZixCorp services to protect our and ensure all Protected Health Information remains confidential.  - Secured communications easy. ZixCorp services enable us to send encrypted to anyone, whether they are ZixCorp customers or not. Secure e-messaging is not just a government mandate; it's a practical way to do business.

 The content of all outbound messages are scanned and compared against two  lexicons, or dictionaries.  - Identifier Lexicon has a criteria of identifier information  example: Social Security numbers  - HIPAA Lexicon contains HIPAA terminology  example: a health condition/disease  The content of the message must meet a criteria defined in both lexicons for  encryption to occur.   Example 1: Message will be encrypted if message or attachments  contain a Social Security number and a name of a disease.  Example 2: Message will not be encrypted if message or attachments  only include a Social Security number.  Example 3: Message will not be encrypted if message or attachments  only include a name of a disease.

 ODH has also enabled “keyword encryption”. Anyone can send an encrypted by using the keyword. The keyword must be the first word in the subject line.  When the user receives the encrypted message and if they are not a ZIX customer, they will need to follow a registration process. The process part of the message they will receive in their inbox. If they are a ZIX customer, the message should go directly to their inbox.

 - Why do we seem in business and in life to wait for bad things to happen to us before we take action?  - Did I get a good backup?  - Where is my laptop?  - Where did that go?  - Is your power on? Take a look at yourself and your organization.