Workstation/Endpoint Audit

pma111
pma111 used Ask the Experts™
on
First off, can anyone tell me what an "endpoint" is, and how it differs from a desktop/laptop. And how does a "workstation" differ from a desktop/laptop.

Secondly, what should.could be included in a workstation/endpoint "IT Audit", what key issues need to be reviewed at desktop/workstation/endpoint level, i.e key risks, management issues, operation issues etc. Corporately we have over 5000 "desktops" all currently XP latest SP, and several hundred "laptops" (again XP). Security is one issue we want to address but there must be many others.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
IT Regional Manager - UK
Commented:
endpoint is a means of connecting external devices to/from your ports on IT systems such as DVD/RW, USB memory stick or drive, or pretty much any removable appliance that can be connected to a system.  hence most end point security software can be used to prevent a whole host of connections on all PC's being used to communicate within a network.

workstations are typically a desktop, but some companies use the term to describe all user systems.

typical report would look at endpoint security, password policies, anti-virus software & management, patch management, service monitoring, server maintenance, risk assessment, external security, firewalls, backup procedures and external services.  Perhaps some disaster recovery planning included too.

Author

Commented:
Thanks for the feedback, will leave it open for other input.
Could you clarify the following for desktops - and how they'd be assessed:

service monitoring,
server maintenance,
risk assessment,
external security,
external services
Iain MacMillanIT Regional Manager - UK

Commented:
the first 2 would not normally apply to desktop/laptops, more the back-end services & servers.

Risk assessment would be looking at password policy, security of the area where the systems are, level of security used to access systems such as swipe cards, secure memory keys, biometrics, how easy is it to get to your data or onto your network.  It can really depend on if you are doing this yourself, or an external entity is doing it on behalf of your company.

External security would cover physical building and IT server room access, firewall and internet services, remote access/VPN services etc.

External Services would be other communication links, phone/VOIP lines, mobile/Blackberry access, internet and other such facilities.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial