Securing your workstations #CyberSecMonth

Protect your computer equipment by securing your workstations

A user who is not well informed about best IT security practices can become the gateway to a malicious cyber attack. A workstation with a security vulnerability or few restrictions can therefore compromise the entire information system.

Measures to be taken:

Secure the entire IT infrastructure:

Implementing a minimum level of security throughout your entire IT infrastructure helps to counter or mitigate employee clumsiness. Thus, it is up to the IT department to limit the applications installed on computers. It is also advisable to activate the local firewall and install anti-virus software on each pc to help secure the workstations. Encrypting the partitions where the data is located and disabling automatic executions are also good practices. Items that have to deviate from the rule (for example, for compatibility reasons) must be isolated from the system. Workstations and servers holding sensitive data must be backed up regularly on disconnected equipment.

A Cyber-attacker will seek to extend his intrusion to several workstations to access sensitive information. The activation of local firewalls via specialized software allows you to prevent or slow down his movements ans secure your workstations.

Protect yourself from removable media:

Removable media poses a threat to organizations as they can be easily misused. It is then possible to:

• Spread viruses
• Steal sensitive information
• Compromise the network with a contaminated device.

The Head of Information Systems Security must make employees aware of the risks posed by removable media.

Encrypt the company’s data flows:

It is essential to guarantee the security of data passing through the Internet. Thus, all data transmitted or hosted online must pass through secure communication channels (SSL/TLS or VPN tunnels). It is the CISSO’s responsibility to ensure that these means are encrypted and robust.

Apply security policies:

A cyber attack is often due to a flaw or vulnerability in the system, if the compliance of the entire system is not guaranteed, it remains vulnerable. The standardization of security policies is therefore a priority to secure an entire IT asset.

Implement these best practices to secure your workstations:

Active Directory allows you to set up group policies (GPO) to define the security policies that will be deployed on all workstations in the domain. This allows you to disable automatic execution or limit incoming and outgoing flows from workstations for example.

Defining a Software Restriction Strategy (SRP or AppLocker) allows you to define the authorized software and block execution from unknown devices. Without even realizing it, the user is restricted in his actions on the workstation and can only with difficulty, accidentally compromise the integrity of the network.

Network segmentation, ideally by Private VLAN, is an optimal measure for network security.

As mentioned above, it is recommended to prohibit the connection of unknown USB keys. Legitimate keys (often those of the organization) whose content cannot be relied on should be forwarded to the IT department for testing on a single computer. If a key is broken, the combined use of antivirus, software restrictions and a firewall can limit the spread of the virus. Coupled with a centralized logging system (Wazuh or Splunk), the IT department can then obtain feedback and act accordingly. In all cases, the contents of a removable media must be subject to antivirus scanning. This will help secure your workstations.

Securing an entire computer park means ensuring that all workstations and applications used by employees are updated frequently. It is also necessary to ensure that security rules (antivirus, firewall, SRP, GPO) are properly activated on all workstations. It is important for administrators to be able to easily and quickly apply these policies in the organization. This helps to promote countermeasures.

Update your IT park in just a few clicks with WAPT

WAPT is an Open Source software deployment solution that allows you to install, update or uninstall your software and configurations in less than two minutes. This way you can automatically deploy your software packages to keep your IT assets up to date and quickly fix security vulnerabilities. The centralized console allows you to act remotely on the entire fleet. WAPT also allows you to schedule the deployment of software so as not to interrupt the work of employees. With more than 1,000 packages available on the store, you can easily maintain your computer equipment!

We combine our software with our expertise on Samba Active Directory, the open source equivalent of Microsoft AD, to ensure the security of your fleet. Choosing Open Source means choosing to save on licensing costs and invest in the future of software!

Addressing risks and applying best practices

Since the General Data Protection Regulations, both citizens and organisations have become increasingly aware of the challenges involved in securing personal data.CyberSecMonth is also an opportunity to communicate about the dangers associated with bank data. Thus, this week you will find :

• Two guides on good reflexes for cybersecurity created by the French Banking Federation,
• One computer graphic on personal data designed by CLUSIF
• One computer graphic on ANSSI‘s ransomware.

What you don’t want to miss :

• Digital security professions – ANSSI
• Facebook hacked : A cyber-hygiene problem – AB Consulting

Find all our recommendations on Twitter and LinkedIn and on hashtag: #TousSecNum, #CyberSecMonth, #ECSM2018 and #ECSM. Also follow our hashtag #CyberConseil to follow Tranquil IT’s advice and discover the following graphics.