Windows end-user devices include desktops and laptops, hybrids and tablets but we'll use workstations to refer to all non-server Windows computers.
Workstations are just as important to the security of your organization as servers. Of course an insecure workstation only directly impacts one user in most cases while a server can impact thousands. But interestingly all of the biggest breaches in recent times have started with a compromised workstation – not a server.
Even though servers and workstations run essentially the same Windows operating system; securing workstations is very different than servers. The key differences that impact security include:
- Lack of physical security for workstations in general, mobility of laptops and tablets
- Interactive GUokI usage of workstations compared to unattended background services dominant on servers
- Workstations have much more interaction with untrusted websites and parsing of Internet content
- Workstations are used by less security conscious and less technical end-users
Hardening servers is primarily about reducing attack surface and keeping remote users from breaking outside the resources and services they are supposed to access. Since trusted administrators are the only ones logging on interactively and then only for specific administrative tasks, interactive security is much less of an issue on most servers. Hardening workstations on the other hand is very much about protecting end-users from themselves. With servers you can usually depend on some level of physical security whereas workstations are usually not in a secure computer room and may even be mobile. And there are usually many more applications installed on workstations than your typical server.
So workstation security is actually more complex than server security.
In this real training for free webinar ™ I will share the top controls you should consider implementing on workstations. I've built this list from my IT audit/assessment practice, research and common desktop security standards like the Federal Desktop Core Configuration (now USGCB). Here are some of the things we'll cover:
- Secure BIOS
- Control local accounts
- Unattended workstation control
- Encryption
- Enable Auditing
- Anti-Malware
- Patching
- Track new programs
- Internet Explorer security configuration
- Security settings in other apps
- Network, Firewall and Remote Access
- Certificate Authorities
Something else that makes workstation security more complicated is the sheer number of workstations and how they “come and go” on your network. That's were our sponsor, Dell KACE, comes in to show how KACE system management appliances can automatically discover and manage all the systems on your network – automating the laborious work of securing workstations.
Don't miss this real training for free ™ event. Please register now!