Solved

Best Practices for Workstations Win7

Posted on 2014-12-04
Last Modified: 2014-12-16
Hey guys,

I was wondering what you guys think are some good best practices for overall security at the office.

We have Win7 machines at Server 2012.

- Enable pw complexity
- Change pw every 90 days
- Lock screens after 15 mins

What else do you suggest?
0
Question by:Cobra25
7 Comments
 
LVL 12

Accepted Solution

by:
andreas earned 668 total points
ID: 40482288
- MOST important: Keep your software up to date (security patches, OS, browser, browser plugins, PDF, Java and Office as the most attacked pieces of software on the clients)
- A decent AV solution on each client, a different one on the server.
- A firewall at the border to the internet
- Regular backups
- Encryption of sensitive data.
- Disable local admin accounts / don't give admin access to users
0
 
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 668 total points
ID: 40482290
Always use a software firewall.
Antivirus is still important.
Run regular security scans (Nessus, LanGuard, OpenVAS, etc.)
Run the Microsoft Baseline Security Analyzer.
For servers, run the various BPAs for each role.
Filter outbound traffic at your network edge, not just inbound; many UTMs default to allow all out. Locking down and getting better telemetry helps you see outbreaks far more quickly.
If your UTM doesn't have an IDS, run one separately, such as Snort.

Those are a few basic steps. From there, each environment has its own needs and demands, so recommendations that are universal get more difficult.
0
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40482291
Those are some good general practices. Also setting up antivirus, firewall, application install, remote access and sharing policies. Also check to see if your organization handles data that has special requirements that are regulated by a third-party set of requirements like HIPAA or international security.
0
 
LVL 83

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 664 total points
ID: 40482301
The very most important item is that users run as STANDARD USERS and not administrators.
Mitigated 94% of all O/S-related exploits and 100% of IE exploits, from Microsoft's own data collection statistics.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40482303
Thanks guys. I was looking strictly from a PC perspective. AV + updates are already done.
0
 
LVL 93

Expert Comment

by:nobus
ID: 40482368
Locking screens after 15 minutes still gives ample time to meddle - cut it down to 1-2 mins.
Also - if you want to be protected from copying data - disable USB.
Keep all data on servers.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40482378
Cobra, you would get better answers if your question were not that broad. "Overall security" is everything. We could talk for hours and hours. It also depends on how much manpower you have. For example, I would suggest denying internet access to the clients and switching to RemoteApp usage for internet access. This is maybe the best thing you can do from a security perspective - but do you have the manpower to work around all the ifs and buts that are created without direct internet access, and does your workflow/do your apps allow this?

Please narrow your question.
0
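
A read-only way to check one workstation against the settings suggested in this thread (password policy, standard users, screen lock, USB storage). This is an added example, not code posted by any participant; the thresholds, the temp file name and the PowerShell 2.0 target are assumptions.

```powershell
# Added example: read-only audit of the settings suggested in this thread.
# Assumes PowerShell 2.0 (the Windows 7 default) and an elevated prompt.
# Thresholds are assumptions taken from the original question; adjust as needed.
$MaxLockSeconds = 900   # 15 minutes
$MaxPwAgeDays   = 90
$findings = @()

# 1. Password policy: export the effective security policy and read two values.
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'   # hypothetical temp file name
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$policy = @{}
Get-Content $cfg | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') { $policy[$Matches[1]] = [int]$Matches[2] }
}
Remove-Item $cfg -ErrorAction SilentlyContinue
if ($policy['PasswordComplexity'] -ne 1) { $findings += 'Password complexity is not enforced' }
$age = $policy['MaximumPasswordAge']            # -1 means passwords never expire
if ($age -lt 1 -or $age -gt $MaxPwAgeDays) { $findings += "Maximum password age is '$age' days" }

# 2. Standard users: list local Administrators members for review. The group is
#    looked up by its well-known SID so the check also works on localized systems.
$adminGroup = (Get-WmiObject Win32_Group -Filter "LocalAccount=True AND SID='S-1-5-32-544'").Name
$group = [ADSI]"WinNT://$env:COMPUTERNAME/$adminGroup,group"
$members = @($group.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null) })
Write-Output "Local $adminGroup members (review): $($members -join ', ')"
$builtin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND SID LIKE 'S-1-5-21-%-500'"
if ($builtin -and -not $builtin.Disabled) { $findings += "Built-in account '$($builtin.Name)' is enabled" }

# 3. Screen lock for the current user: GPO value first, then the user's own setting.
#    Conservative: all three values must come from the same key.
$keys = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop', 'HKCU:\Control Panel\Desktop'
$desk = $keys | ForEach-Object { Get-ItemProperty $_ -ErrorAction SilentlyContinue } |
    Where-Object { $_.ScreenSaveTimeOut } | Select-Object -First 1
if (-not $desk -or $desk.ScreenSaveActive -ne '1' -or $desk.ScreenSaverIsSecure -ne '1' -or
    [int]$desk.ScreenSaveTimeOut -gt $MaxLockSeconds) {
    $findings += "Screen does not lock within $MaxLockSeconds seconds of inactivity"
}

# 4. USB mass storage: the USBSTOR driver's Start value is 4 when it is disabled.
$usb = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -ErrorAction SilentlyContinue
if ($usb -and $usb.Start -ne 4) { $findings += "USB mass storage driver is enabled (Start=$($usb.Start))" }

if ($findings) { $findings | ForEach-Object { Write-Output "[!] $_" } } else { Write-Output 'No findings.' }
```

The script changes nothing on the machine; in a domain these settings are normally enforced through Group Policy rather than per workstation.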


Question has a verified solution.
