Laptop Security Best Practices

Hello All...

I am in search of a 'best practices' white paper for covering most, if not all, aspects of securing laptops running XP. These laptops will be used 'in-house' as well as on the road. Any and all suggestions will be appreciated.

Thank you...

Neal
nealmcdonaldAsked:
Who is Participating?
 
Rich RumbleSecurity SamuraiCommented:
NSA's paper on securing XP
http://www.nsa.gov/notices/notic00004.cfm?Address=/snac/os/winxp/winxp.pdf

There are best practices for all sorts of setups, but in this case, I think the bestpractices your looking for are:
1) Having documented policies and proceedure, you can obtain great examples here: http://www.sans.org/resources/policies/
2) Do not let users run as admins of their machines, this can be tougher for laptop users, as they may need to change things on the LT that a normal PC user would not. Try to get them fimilar with RunAs, or maybe try my runas vbe scripts here: http://xinn.org/RunasVBS.html
3) Regular OS and Applicaiton upgrades, such as windows update and office updates.
4) Daily AV scan's and updates
5) A firewall such as zonealarm should be used, as it has an extra layer of protection over other firewalls, in that it can pause/stop process's that wish to act as a server or request access to the NIC that are not approved. ZA will alert with a pop-up of the program's intent, and ask you to approve or deny, if approve is selected, then a password must be entered to allow the action.
6) Going beyond the NSA paper, these are always settings we implement-(can't remember if any of these are listed, I do not think they are)
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/393fa32d-04dd-4a15-b23d-3fc2b8558882.mspx
Turn off the following services, "remote registry", "messenger", "secondary logon" and set to disable
Go to LanMan level 2 (actually it's 3... 0, 1, 2) http://support.microsoft.com/kb/q147706/
7) Enable more than the default logging events! very important, and even more important is Auditing them!
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/5658fae8-985f-48cc-b1bf-bd47dc210916.mspx
-rich
0
 
nealmcdonaldAuthor Commented:
richrumble,


Thanks! The links are what I was looking for. I will research them today and then either post a follow up question or else close this thread tomorrow.

Neal
0
 
nealmcdonaldAuthor Commented:
That is exactly what I needed. The NSA papaer on securing XP is great. And of course SANS is a killer place for just about anything security related. Thanks so much richrumble.

Closed...

Neal
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.