Solved

Best Practices for Workstations Win7

Posted on 2014-12-04
7
128 Views
Last Modified: 2014-12-16
Hey guys,

 I was wondering what you guys thought are some good best practices for overall security at the office.

We have Win7 machines at Server 2012.

-enable pw complexity
-change pw 90 days
-lock screens after 15 mins

what else do you suggest?
0
Comment
Question by:Cobra25
7 Comments
 
LVL 11

Accepted Solution

by:
andreas earned 167 total points
ID: 40482288
- MOST important: Keep your software up to date (security patches, OS, Browser, Browserplugins, PDF, JAVA and Office as the most attacked pieces of software on the clients)
- A decent AV-Solution on each client,  different one on the server.
- A firewall at the border to the internet
- regular backups
- encryption of sensitive data.
- disable local admin accounts/ dont give admin access to users
0
 
LVL 57

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 167 total points
ID: 40482290
Always use a software firewall.
Antivirus is still important.
Run regular security scans (nessus, languard, openVAS, etc)
Run the Microsoft Baseline Security Analyzer.
For servers, run the various BPAs for each role.
Filter outbound traffic at your network edge, not just inbound, many UTMs default to allow all out. Locking down and getting better telemetry helps you see outbreaks far more quickly.
If your UTM doesn't have an IDS, run one separately, such as Snort.

Those are a few basic steps. From there, each environment has its own needs and demands, so recommendations that are universal get more difficult.
0
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40482291
Those are some good general practices. Also setting up Antivirus, firewall , application install remote access and sharing policies. Also check to see if your organization handles data that has special requirements that are regulated by a third party set of requirements like hippa or international security.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 80

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 166 total points
ID: 40482301
The very most important item is users run as STANDARD USERS and not administrators.
Mitigated 94% of all O/S related exploits and 100% of IE exploits from Microsoft own data collection statistics
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40482303
thanks guys. i was looking strictly from a pc perspective. av + updates are already done.
0
 
LVL 92

Expert Comment

by:nobus
ID: 40482368
locking screens after 15 minutes gives still ample time to meddle - cut it down to 1-2 mins
also - if you want to be protected from copying data  -disable USB
keep all data on servers
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40482378
Cobra, you would get better answers if your question would not be that broad. "Overall security" is everything. We could talk for hours and hours. It also depends on how much manpower you have. For example, I would suggest to deny internet access to the clients and switch to remoteapp usage for internet access. This is maybe the best thing you can do from a security perspective - but, do you have the manpower to workaround all ifs and buts that are created without direct internet access and does your workflow/do your apps allow this?

Please narrow your question.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OfficeMate Freezes on login or does not load after login credentials are input.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question