How To

Cheap IT Security? The Tools Were There All Along

Fortunately, there are plenty of cheap tools to ensure a solid defense. Some of these tools have been in the arsenal all along, but you never knew it. (Part four in a series: How to Manage Security in a Recession)

By Bill Brenner, Senior Editor

July 16, 2008 —

About this series: Smaller staff. Deflated security budgets. In-store thievery. When economic times are tough, these are the things security pros must contend with. In this ongoing series, CSOonline looks at ways to ensure the best security possible during a recession.

Jeremy Moskowitz calls himself the king of free. He's built an entire business around the notion that IT can be done on the cheap without damaging quality or security.

Given the current state of the economy, the self-described "chief propeller head" of IT consultancy Moskowitz, Inc. is finding that his do-it-for-free philosophy is a lot more popular than it was even a year ago, when there was more money to go around and companies were looking to buy top-of-the-line IT products - including the latest and greatest security tools.

With recession on the horizon, security pros in particular are searching for ways to control costs without letting their company defenses crumble in the process.

"Reducing the number of systems that require safeguards and controls means fewer anti-malware licenses, less patch management time, less backup space for recovery, and fewer security tokens"

Security Architect James DeLuccia

Many have found they can maintain strong security with a litany of low-cost or free software programs. But, Moskowitz says, many companies already have all the necessary security muscle without realizing it. And much of it resides in the Microsoft's Active Directory, which is being used by a vast majority of organizations.

"If you want cost effectiveness, you already paid for it. You have the Ferrari, now learn some stunts," he says. For example, he notes, Microsoft's Group Policy has 21 functions to manage access, lock down services and block malware. But most people don't know how use them very well. "That's why I have this job," he says, half-jokingly.

Microsoft security for the taking
Given all the attacks that have targeted Microsoft security holes over the years, some might find Moskowitz's position hard to swallow. Though Microsoft has poured an endless supply of money and manpower into security in the last six years, the bad guys are still finding ways to target the software giant's user base. Just last week Symantec Corp. was sounding the alarm over fresh attacks against a flaw in Microsoft Word.

Though the security challenges continue for the software giant, Moskowitz says it would be silly to discount the variety of ways Group Policy and other features can be used to bolster defenses for free.

One example of a tool waiting to be exploited is Microsoft's Group Policy Preference Extensions (formerly PolicyMaker Standard Edition and PolicyMaker Share Manager by DesktopStandard).