Solved

Best Practices for Workstations Win7

Posted on 2014-12-04
7
120 Views
Last Modified: 2014-12-16
Hey guys,

 I was wondering what you guys thought are some good best practices for overall security at the office.

We have Win7 machines at Server 2012.

-enable pw complexity
-change pw 90 days
-lock screens after 15 mins

what else do you suggest?
0
Comment
Question by:Cobra25
7 Comments
 
LVL 11

Accepted Solution

by:
andreas earned 167 total points
ID: 40482288
- MOST important: Keep your software up to date (security patches, OS, Browser, Browserplugins, PDF, JAVA and Office as the most attacked pieces of software on the clients)
- A decent AV-Solution on each client,  different one on the server.
- A firewall at the border to the internet
- regular backups
- encryption of sensitive data.
- disable local admin accounts/ dont give admin access to users
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 167 total points
ID: 40482290
Always use a software firewall.
Antivirus is still important.
Run regular security scans (nessus, languard, openVAS, etc)
Run the Microsoft Baseline Security Analyzer.
For servers, run the various BPAs for each role.
Filter outbound traffic at your network edge, not just inbound, many UTMs default to allow all out. Locking down and getting better telemetry helps you see outbreaks far more quickly.
If your UTM doesn't have an IDS, run one separately, such as Snort.

Those are a few basic steps. From there, each environment has its own needs and demands, so recommendations that are universal get more difficult.
0
 
LVL 6

Expert Comment

by:Thomas Wheeler
ID: 40482291
Those are some good general practices. Also setting up Antivirus, firewall , application install remote access and sharing policies. Also check to see if your organization handles data that has special requirements that are regulated by a third party set of requirements like hippa or international security.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 166 total points
ID: 40482301
The very most important item is users run as STANDARD USERS and not administrators.
Mitigated 94% of all O/S related exploits and 100% of IE exploits from Microsoft own data collection statistics
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40482303
thanks guys. i was looking strictly from a pc perspective. av + updates are already done.
0
 
LVL 91

Expert Comment

by:nobus
ID: 40482368
locking screens after 15 minutes gives still ample time to meddle - cut it down to 1-2 mins
also - if you want to be protected from copying data  -disable USB
keep all data on servers
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40482378
Cobra, you would get better answers if your question would not be that broad. "Overall security" is everything. We could talk for hours and hours. It also depends on how much manpower you have. For example, I would suggest to deny internet access to the clients and switch to remoteapp usage for internet access. This is maybe the best thing you can do from a security perspective - but, do you have the manpower to workaround all ifs and buts that are created without direct internet access and does your workflow/do your apps allow this?

Please narrow your question.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Suggested Solutions

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
A procedure for exporting installed hotfix details of remote computers using powershell
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now