Significant breaches and extensive data theft regularly make the headlines. But where do these incidents originate? Very often, a user workstation is the first point of compromise, which then allows lateral movement across the network and causes additional damage. And while it’s important to have a properly secured network, the workstation is often the last line of defense. With proper protections, the damage can be contained. Here are some practical steps to enhance workstation security.
No administrator session
Users should never log on with administrator rights, or even hold such rights on their systems. In the past, some basic tasks, such as installing software, required administrator rights. But much has changed with the latest operating systems: with most of them, users have the functionality they need to do their jobs without logging in as an administrator. A user’s request for such rights should therefore be treated as a sign that they may want to do something their role does not require.
Remove unnecessary software
The applications and operating system on a client workstation are there to ensure that everything works correctly on the machine. But most default installations contain software that is not essential for performing business tasks. Very often, this superfluous software is targeted by attackers and used as a point of compromise. Uninstalling or removing these programs reduces the attack surface and minimizes exposure.
Apply all patches
A patch is, first of all, a vendor telling the world that there is a vulnerability in its software. Therefore, the longer a system remains unpatched, the larger the exposure window. And while patching is always a challenge, uninstalling unnecessary software reduces the scope and simplifies the process. In addition, while centralized patch management is essential in a business, it’s important to remember laptops: a system that is disconnected from the network is likely to miss the automated patching cycle.
Controlling, managing, and verifying the integrity of the software that is allowed to run is critical to having secure systems. The use of application whitelists can be an important paradigm shift, but it’s a valuable and scalable way to protect workstations. It means maintaining a complete list of all approved software, but it’s worth it: locked-down workstations make attacks more difficult.
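As an added illustration that is not part of the original article, the following Python sketch audits a workstation directory against a hash-based list of approved software, showing why integrity is checked on file content and not on file name. The directory layout, file names and file contents are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(approved):
    """Map SHA-256 digest -> file name for every approved executable."""
    return {sha256_file(p): p.name for p in approved}


def audit(candidates, allowlist):
    """Return {file name: verdict} for each candidate file."""
    approved_names = set(allowlist.values())
    verdicts = {}
    for path in candidates:
        if sha256_file(path) in allowlist:
            verdicts[path.name] = "approved"   # content matches an approved build
        elif path.name in approved_names:
            verdicts[path.name] = "modified"   # approved name, unapproved content
        else:
            verdicts[path.name] = "unknown"    # never on the list
    return verdicts


def demo():
    """Constructed sample: a trusted reference image and one workstation."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, ws = Path(tmp, "reference"), Path(tmp, "workstation")
        ref.mkdir()
        ws.mkdir()
        (ref / "editor.exe").write_bytes(b"editor build 1.0")
        (ref / "viewer.exe").write_bytes(b"viewer build 2.3")
        (ws / "editor.exe").write_bytes(b"editor build 1.0")          # untouched
        (ws / "viewer.exe").write_bytes(b"viewer build 2.3 + extra")  # altered
        (ws / "toolbar.exe").write_bytes(b"never approved")           # unlisted
        allowlist = build_allowlist(sorted(ref.iterdir()))
        return audit(sorted(ws.iterdir()), allowlist)


if __name__ == "__main__":
    print(demo())
```

A list keyed only on file names would have passed the altered viewer.exe; keying on the digest is what flags it.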
Filter dangerous executables
A large amount of malicious content enters the network in the form of email attachments or web downloads. Running these files through gateways that not only examine the code but also launch it in sandboxes can detect malicious code upstream and filter it before it enters the network.
Isolate the danger in virtual machines
Web browsers and email clients are some of the most dangerous applications. We owe them a significant share of the damage done to systems. One trick is to run them in isolated virtual machines. That way, malicious content can only affect the virtual machine, not the host. And once the virtual machine is stopped, the malicious content no longer presents a risk. With this approach, the infection is contained and controlled, greatly limiting the damage.
Use thin clients
While not applicable to all environments, the use of thin clients is effective in controlling damage. The problem with thick clients is that they are completely reinstalled only when the hardware is renewed, and this only happens after several years. As a result, an infected system can remain infected for a very long time. With a thin client, the user receives a new environment each time they log on. And if that environment is infected, the infection only lasts a few hours.
Even if there is no perfect solution to protect against attacks, focusing on the client workstation can help control many attacks and reduce risk.