Question: How do you think this situation could have been prevented? Could the IT department have conducted regular inventories of the software on each computer to identify missing patches? Could the IT department have implemented a process to ensure that no computer is moved outside the boundaries of the firewall?
There are steps that the IT department could have taken to avoid the situation that occurred. There should have been policies in place to ensure that antivirus/malware software was installed on the computer before it was allowed to connect to any network. A machine build checklist could be implemented to where after a computer is initially setup with appropriate operating software, all relevant applications needed would then be installed, including the antivirus software. The endpoint protection software could be installed in a standalone mode if the system being deployed was not going to be part of the larger domain network or if it was going to be used for short term testing. Otherwise it could be deployed from a central management server. It would at the very minimum have that protection on it. Most antivirus vendors have auto update features in their software so that in the event the virus definitions become outdated the software automatically checks in to download the latest definitions.
Proper operating system patching would have to be done as well to reduce the risk of software vulnerabilities. Patching could be done from an internal update server like Microsoft’s WSUS server so that a connected system would contact the internal server at a scheduled time and pull down the appropriate updates it needs for the software that is installed. There are also many third party tools, like GFI’s LanGuard, that can be used to scan systems for vulnerabilities and patches and install them on demand without having to wait for a scheduled time to download (GFI, 2012).
There are several ways you can try and lock down a network so...