Solved

Best Practices for Workstations Win7

Posted on 2014-12-04
7
131 Views
Last Modified: 2014-12-16
Hey guys,

 I was wondering what you guys thought are some good best practices for overall security at the office.

We have Win7 machines at Server 2012.

-enable pw complexity
-change pw 90 days
-lock screens after 15 mins

what else do you suggest?
0
Comment
Question by:Cobra25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 12

Accepted Solution

by:
andreas earned 167 total points
ID: 40482288
- MOST important: Keep your software up to date (security patches, OS, Browser, Browserplugins, PDF, JAVA and Office as the most attacked pieces of software on the clients)
- A decent AV-Solution on each client,  different one on the server.
- A firewall at the border to the internet
- regular backups
- encryption of sensitive data.
- disable local admin accounts/ dont give admin access to users
0
 
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 167 total points
ID: 40482290
Always use a software firewall.
Antivirus is still important.
Run regular security scans (nessus, languard, openVAS, etc)
Run the Microsoft Baseline Security Analyzer.
For servers, run the various BPAs for each role.
Filter outbound traffic at your network edge, not just inbound, many UTMs default to allow all out. Locking down and getting better telemetry helps you see outbreaks far more quickly.
If your UTM doesn't have an IDS, run one separately, such as Snort.

Those are a few basic steps. From there, each environment has its own needs and demands, so recommendations that are universal get more difficult.
0
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40482291
Those are some good general practices. Also setting up Antivirus, firewall , application install remote access and sharing policies. Also check to see if your organization handles data that has special requirements that are regulated by a third party set of requirements like hippa or international security.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 81

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 166 total points
ID: 40482301
The very most important item is users run as STANDARD USERS and not administrators.
Mitigated 94% of all O/S related exploits and 100% of IE exploits from Microsoft own data collection statistics
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40482303
thanks guys. i was looking strictly from a pc perspective. av + updates are already done.
0
 
LVL 92

Expert Comment

by:nobus
ID: 40482368
locking screens after 15 minutes gives still ample time to meddle - cut it down to 1-2 mins
also - if you want to be protected from copying data  -disable USB
keep all data on servers
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40482378
Cobra, you would get better answers if your question would not be that broad. "Overall security" is everything. We could talk for hours and hours. It also depends on how much manpower you have. For example, I would suggest to deny internet access to the clients and switch to remoteapp usage for internet access. This is maybe the best thing you can do from a security perspective - but, do you have the manpower to workaround all ifs and buts that are created without direct internet access and does your workflow/do your apps allow this?

Please narrow your question.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question