Yesterday I spent some time on how to stay safe on Cyber Monday. That was focused on all you shoppers and friends-of-shoppers out there. Today let's talk about how to keep your company network safe during the holiday shopping season.
Regardless of how much personal Internet use you allow in your network, you will probably have users who are thinking about shopping. When you're reviewing security for the network, it's a good idea to review the consumer-side security that we talked about yesterday. Workstations hardened, best-practices in place, security-awareness, that sort of thing. You don't want to harden the network only to find that one of your users has joined a botnet with his workstation. Eesh.
You may have an idea of who your little shoppers are, but monitoring your internal traffic is good way to keep up on who's doing what. If you don't allow personal surfing on the network, monitoring internal traffic is one way to enforce that policy. If you do allow personal surfing, then monitoring becomes a way for you get a heads up on the power-users. The ones who are visiting shopping and “daily deal” sites all day are the ones most likely to fall prey to a scam. I'm just sayin, it's a numbers thing.
You might also want to monitor your bandwidth more closely during the holiday season. You'll probably see a spike in traffic just due to the increased visits to media-rich sites, but anomalies should be investigated. You should be doing this at all times anyway, as it's a good way to discover a stealth attack on your network. (See here for an example) If you aren't already doing it, the holidays are a good time to start.
Holidays are also a good time to review your firewall rules. Or at least the holidays are as good a time as any other. Firewall rules have a tendency to get stale, which means that the rules weaken over time. Look for any conflicts, gaps, and so on. Use your monitoring data to inform your new ruleset.
While you're looking at your firewall, check to see if your firmware is up to date. Are you missing a security fix? Check your other electronics for updates as well.
There are plenty of other devices, policies, and configurations you might want to be checking during the holiday season. That sounds like a good end of year series. 🙂
Barracuda offers a range of security products including the Barracuda Web Filter and the Barracuda NG Firewall. Check out the entire line of Barracuda products on our website. Sign up for a 30-day risk-free evaluation unit here.