Workstation Security Best Practices Flashcards
1
Q
Password expiration and recovery - Workstation Security Best Practices
A
- All passwords should expire (30 days, 60 days, 90 days, etc.)
- Critical systems might change more frequently
- Some organizations have a very formal recovery process
2
Q
Desktop security - Workstation Security Best Practices
A
- Require a screensaver password, lock after a timeout
- Disable autorun through the registry
- autorun.inf in Vista, no Autorun in Windows 7 or 8/8.1
- Consider changing AutoPlay
3
Q
Password best practices - Workstation Security Best Practices
A
- Changing default usernames/passwords
- Supervisor/Administrator BIOS password: Prevent BIOS changes
- User BIOS password: Prevent booting
- Always require passwords - No blank passwords, no automated logins
4
Q
Restricting user permissions - Workstation Security Best Practices
A
- Not everyone is an Administrator
- Assign proper rights and permissions
- Assign rights based on groups - Difficult to manage per-user rights
- Login time restrictions - Only log in during working hours
5
Q
Disabling unnecessary accounts - Workstation Security Best Practices
A
- Not all accounts are necessary - disable/remove the unnecessary
- Disable interactive logins - Not all accounts need to log in
- Change the default usernames - Helps defend against brute-force attacks
6
Q
Account lockout and disablement - Workstation Security Best Practices
A
- Too many bad passwords will cause a lockout
- Disable user accounts - You don’t want to delete accounts
7
Q
Data encryption - Workstation Security Best Practices
A
- Full-disk encryption - Encrypt the entire drive
- Filesystem encryption - Individual files and folders
- Removable media - Protect those USB flash drives
- Key backups are critical - You always need to have a copy
8
Q
Patch and update management - Workstation Security Best Practices
A
- Keep OS and applications updated for security and stability
- Deployment may be managed internally
- Many applications include their own updater