Solved

Best Practices for Workstations Win7

Posted on 2014-12-04
Last Modified: 2014-12-16
Hey guys,

I was wondering what you guys thought are some good best practices for overall security at the office.

We have Win7 machines at Server 2012.

-enable pw complexity
-change pw 90 days
-lock screens after 15 mins

What else do you suggest?
0
Question by:Cobra25
7 Comments
 
LVL 11

Accepted Solution

by:
andreas earned 167 total points
ID: 40482288
- MOST important: Keep your software up to date (security patches, OS, browser, browser plugins, PDF, Java and Office as the most attacked pieces of software on the clients)
- A decent AV solution on each client, a different one on the server.
- A firewall at the border to the internet
- regular backups
- encryption of sensitive data.
- disable local admin accounts / don't give admin access to users
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 167 total points
ID: 40482290
Always use a software firewall.
Antivirus is still important.
Run regular security scans (Nessus, LanGuard, OpenVAS, etc.)
Run the Microsoft Baseline Security Analyzer.
For servers, run the various BPAs for each role.
Filter outbound traffic at your network edge, not just inbound; many UTMs default to allow all out. Locking down and getting better telemetry helps you see outbreaks far more quickly.
If your UTM doesn't have an IDS, run one separately, such as Snort.

Those are a few basic steps. From there, each environment has its own needs and demands, so recommendations that are universal get more difficult.
0
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40482291
Those are some good general practices. Also setting up antivirus, firewall, application install, remote access and sharing policies. Also check to see if your organization handles data that has special requirements that are regulated by a third-party set of requirements like HIPAA or international security.
0
 
LVL 79

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 166 total points
ID: 40482301
The very most important item is that users run as STANDARD USERS and not administrators.
Mitigated 94% of all O/S-related exploits and 100% of IE exploits, from Microsoft's own data collection statistics
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40482303
Thanks guys. I was looking strictly from a PC perspective. AV + updates are already done.
0
 
LVL 91

Expert Comment

by:nobus
ID: 40482368
Locking screens after 15 minutes still gives ample time to meddle - cut it down to 1-2 mins
Also - if you want to be protected from copying data - disable USB
Keep all data on servers
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40482378
Cobra, you would get better answers if your question were not that broad. "Overall security" is everything. We could talk for hours and hours. It also depends on how much manpower you have. For example, I would suggest denying internet access to the clients and switching to RemoteApp usage for internet access. This is maybe the best thing you can do from a security perspective - but do you have the manpower to work around all ifs and buts that are created without direct internet access, and does your workflow/do your apps allow this?

Please narrow your question.
0
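
The workstation settings named in this thread (password complexity, 90-day password change, screen lock timeout, no extra local administrators) can be checked on a Win7 machine with a short audit script. This is an added example, not code from any of the posters; the function names, the temp file name and the `$expectedAdmins` allowlist are assumptions to adjust per site.

```powershell
# Added example, PowerShell 2.0 compatible (stock on Windows 7). Run elevated: secedit needs it.
$maxPwAgeDays   = 90        # "change pw 90 days"
$maxLockSeconds = 15 * 60   # "lock screens after 15 mins"; nobus suggests 1-2 minutes
$expectedAdmins = @('Administrator', 'Domain Admins')   # assumption: site-specific allowlist

function New-Result($Check, $Actual, [bool]$Pass) {
    New-Object PSObject -Property @{ Check = $Check; Actual = $Actual; Pass = $Pass }
}

# 1. Password policy: export the machine's security policy and parse "Name = number" lines.
$inf = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $inf /areas SECURITYPOLICY | Out-Null
$pol = @{}
Get-Content $inf | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') { $pol[$Matches[1]] = [int]$Matches[2] }
}
Remove-Item $inf -ErrorAction SilentlyContinue
$complex = $pol['PasswordComplexity']      # 1 = complexity enforced
$age     = $pol['MaximumPasswordAge']      # -1 means passwords never expire
$results = @(
    New-Result 'Password complexity' $complex ($complex -eq 1)
    New-Result 'Max password age (days)' $age ($age -ge 1 -and $age -le $maxPwAgeDays)
)

# 2. Screen lock: Group Policy values win over the user's own Control Panel settings.
#    HKCU is the hive of the account running this script, so audit in the user's session.
$desktopKeys = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
               'HKCU:\Control Panel\Desktop'
function Get-DesktopValue($Name) {
    foreach ($key in $desktopKeys) {
        $value = (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
        if ($value -ne $null) { return $value }
    }
}
$timeout = [int](Get-DesktopValue 'ScreenSaveTimeOut')
$locks   = (Get-DesktopValue 'ScreenSaveActive') -eq '1' -and (Get-DesktopValue 'ScreenSaverIsSecure') -eq '1'
$results += New-Result 'Screen lock timeout (s)' $timeout ($locks -and $timeout -ge 1 -and $timeout -le $maxLockSeconds)

# 3. Local Administrators members, looked up by well-known SID so localized group names work.
$sid     = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$group   = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]
$members = @(([ADSI]"WinNT://$env:COMPUTERNAME/$group,group").psbase.Invoke('Members') |
    ForEach-Object { $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null) })
$extra   = @($members | Where-Object { $expectedAdmins -notcontains $_ })
$results += New-Result 'Unexpected local admins' ($extra -join ', ') ($extra.Count -eq 0)

$results | Format-Table Check, Actual, Pass -AutoSize
```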

Question has a verified solution.
