Unauthorized software installation is a serious problem that opens the door to threats such as keystroke loggers, trojans and other malware. It is especially a problem on Windows operating systems that allow local administrator access by default and support file systems such as FAT32, which offer no real access control features.
Unauthorized software installations create other problems for the organization, such as legal liability if employees download and install software that is not properly licensed by the software vendor. The Internet has many “free download” outlets, such as “Pirate Bay,” as well as downloads distributed via torrents and other forms of peer-to-peer software. If an employee downloads, installs and uses illegally obtained software, the result can be severe copyright penalties and legal fees.
Personnel training and awareness can help prevent illegal software installations and malware infections, including those delivered by trojans: programs that appear useful but also contain malicious code that compromises the system and exposes the entire company network to risk from the outside.
Although personnel training helps, organizations must ensure that unauthorized software installations do not occur by establishing a policy against such installations, along with a list of software approved by the organization. All company computers must then be configured to enforce that policy through mechanisms such as Windows AppLocker or SRP (Software Restriction Policies).
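One way to turn an approved-software list into an AppLocker policy, shown as an added example that is not part of the original post. It assumes an elevated PowerShell session on a clean reference machine where only approved software is installed; the directories and the output path are placeholders.

```powershell
# Added example: build an AppLocker allow-list from a reference machine and run it in audit mode.
# Assumptions: elevated session; only approved software is installed under the directories below.
$referenceDirs = 'C:\Program Files', 'C:\Program Files (x86)'   # assumed location of approved software
$policyPath    = 'C:\Temp\approved-software.xml'                # hypothetical output path

# 1. Collect publisher and hash information for approved executables and installers.
$fileInfo = $referenceDirs | ForEach-Object {
    Get-AppLockerFileInformation -Directory $_ -Recurse -FileType Exe, WindowsInstaller
}

# 2. Generate allow rules: publisher rules for signed files, hash rules for unsigned ones.
$xmlText = $fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
                        -RuleNamePrefix 'Approved' -Optimize -Xml

# 3. Switch every rule collection to AuditOnly so violations are logged, not blocked.
[xml]$policy = $xmlText
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyPath)

# 4. Dry run: which files in a user's download folder would the policy refuse?
Get-ChildItem "$env:USERPROFILE\Downloads" -Recurse -Include *.exe, *.msi |
    Convert-Path |
    Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone -Filter Denied, DeniedByDefault

# 5. Apply the policy locally. AppLocker is only evaluated while the
#    Application Identity service (AppIDSvc) is running.
Set-AppLockerPolicy -XmlPolicy $policyPath
Start-Service -Name AppIDSvc

# 6. Review audit hits: event 8003 (EXE/DLL) and 8006 (MSI/script) mean
#    "allowed now, but would have been blocked if the policy were enforced".
Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL',
              'Microsoft-Windows-AppLocker/MSI and Script'
    Id      = 8003, 8006
} | Select-Object TimeCreated, Id, Message

# Before changing EnforcementMode to 'Enabled', add rules covering C:\Windows as well:
# once enforced, any file not matched by an allow rule is denied.
```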
Contact us to learn more about how our managed security services can decrease risk by configuring and maintaining security policies that are right for your organization and prevent rogue software installations.
The final post in this series explains how cross-site scripting attacks occur, the risk they pose for your organization, and what you can do to ensure that cross-site scripting attacks do not compromise your information security.