I guess a personal firewall solution for critical desktops is missing....
Again we have listed down all technical points...
Remember your network is as secure as your weakest link. Many a time humans form this weakest link...
So any best practice which ignores User training / awareness shall fall short of a complete defense program.
Also a mention has to be there for backup solutions as well.... Remember the three fundamentals of Information Security...
Confidentiality
Which will include
Integrity
- Swap out Outlook Express for an alternate mail client. Perhaps Eudora or (my suggestion) Thunderbird.
- Install a proxy, and block outbound connections from the machines themselves.
- Disable all unneeded desktop shares.
- Disable booting to removable media in the BIOS
- Password protect the BIOS configuration.
- Lock cases that have the ability to, and favour cases with such security features over ones that do not when looking at upgrading.
But we are missing on the availability front...
- Configure desktops to log to a central logging server.
- Utilize SUS to handle automated critical updates.
- Set domain and local machine policies to restrict logon hours, local logons, etc.
- All desktops should be set to lock the desktop after 10-15 minutes of inactivity.
- Centralize and Homogenize the AV for the network. Consider alternatives to Symantec AntiVirus, as it does not update as frequently.
I guess it should include the following
A proper backup solution for backing up the systems to the last good use... Proper backup of critical files on a separate network server...
Proper network design to ensure high uptime....
Dependence on trusted carriers in event of mobile communications....



