Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Laptop Security Best Practices

Posted on 2005-05-12
3
Medium Priority
?
448 Views
Last Modified: 2013-12-04
Hello All...

I am in search of a 'best practices' white paper for covering most, if not all, aspects of securing laptops running XP. These laptops will be used 'in-house' as well as on the road. Any and all suggestions will be appreciated.

Thank you...

Neal
0
Comment
Question by:nealmcdonald
  • 2
3 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1000 total points
ID: 13987000
NSA's paper on securing XP
http://www.nsa.gov/notices/notic00004.cfm?Address=/snac/os/winxp/winxp.pdf

There are best practices for all sorts of setups, but in this case, I think the bestpractices your looking for are:
1) Having documented policies and proceedure, you can obtain great examples here: http://www.sans.org/resources/policies/
2) Do not let users run as admins of their machines, this can be tougher for laptop users, as they may need to change things on the LT that a normal PC user would not. Try to get them fimilar with RunAs, or maybe try my runas vbe scripts here: http://xinn.org/RunasVBS.html
3) Regular OS and Applicaiton upgrades, such as windows update and office updates.
4) Daily AV scan's and updates
5) A firewall such as zonealarm should be used, as it has an extra layer of protection over other firewalls, in that it can pause/stop process's that wish to act as a server or request access to the NIC that are not approved. ZA will alert with a pop-up of the program's intent, and ask you to approve or deny, if approve is selected, then a password must be entered to allow the action.
6) Going beyond the NSA paper, these are always settings we implement-(can't remember if any of these are listed, I do not think they are)
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/393fa32d-04dd-4a15-b23d-3fc2b8558882.mspx
Turn off the following services, "remote registry", "messenger", "secondary logon" and set to disable
Go to LanMan level 2 (actually it's 3... 0, 1, 2) http://support.microsoft.com/kb/q147706/
7) Enable more than the default logging events! very important, and even more important is Auditing them!
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/5658fae8-985f-48cc-b1bf-bd47dc210916.mspx
-rich
0
 

Author Comment

by:nealmcdonald
ID: 13988784
richrumble,


Thanks! The links are what I was looking for. I will research them today and then either post a follow up question or else close this thread tomorrow.

Neal
0
 

Author Comment

by:nealmcdonald
ID: 13995084
That is exactly what I needed. The NSA papaer on securing XP is great. And of course SANS is a killer place for just about anything security related. Thanks so much richrumble.

Closed...

Neal
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question