8. Maintain logging and audit trails of network usage of these devices. Your documentation should state what you are going to do to protect these devices. Follow through on those plans, and keep a complete logging and audit trail to prove that you did so.
As networkable non-PC devices become more plentiful and powerful, and more vulnerable to attack, the threats they pose to confidential data will grow. Now is the time to inventory and prepare. In order to protect that data, organizations need to update their policies and procedures to reflect the changing nature of these non-PC devices. Organizations need to control access to these devices and put in place the proper defenses against attacks that attempt to use them as penetration points.
Ira Victor, GIAC/G17799/GPCI/GSEC, is a security auditor and compliance specialist with Data Clone Labs in Reno, NV. He holds security and audit certifications from The SANS Institute. Mr. Victor makes frequent media and conference appearances on privacy and security. He is a founding board member of Sierra Nevada InfraGard, an FBI-sponsored security organization, and is co-founder of the SDForum Security Special Interest Group.