Securing workstations #CyberSecMonth

Nov 8, 2018 | CyberSecMonth, News & Events

This third week of CyberSecMonth focuses on risks and good practices in cybersecurity. It is the opportunity for us to present our fourth #CyberAdvice, on the importance of securing an organization’s computer workstations.

Protect your computer equipment by securing workstations

A user who is not well informed about good IT security practices can become the gateway to a malicious cyber attack. A workstation with a security vulnerability or few restrictions can therefore compromise the entire information system.

Infographic: "Securing workstations"

The risk of intrusion can therefore be reduced by taking precautions that are relatively easy to implement. In any case, raising team awareness of cybersecurity issues remains a good practice to develop internally!

The measures to be taken:

Secure the entire IT infrastructure:

Implementing a minimum level of security across the entire IT infrastructure helps to counter or mitigate employee mistakes. It is therefore up to the IT department to limit the applications installed on computers. It is also advisable to activate the local firewall and install anti-virus software on each workstation. Encrypting the partitions where the data is located and disabling automatic execution are also good practices. Items that have to deviate from the rule (for example, for compatibility reasons) must be isolated from the rest of the system. Workstations and servers holding sensitive data must be backed up regularly to disconnected equipment.

An attacker will seek to extend the intrusion to several workstations in order to reach sensitive information. Activating local firewalls via specialized software helps to thwart or slow down this movement.

Protect yourself from removable media:

Removable media pose a threat to organizations because they can easily be misused. A contaminated device can spread viruses, steal sensitive information, and even compromise the network. The Chief Information Systems Security Officer (CISSO) must make employees aware of the risks posed by this type of media.

Encrypt the company’s data flows:

It is essential to guarantee the security of data passing through the Internet. All data transmitted or hosted online must therefore pass through secure communication channels (SSL/TLS or VPN tunnels). It is the CISSO’s responsibility to ensure that these channels are encrypted and robust.

Apply security policies:

A cyber attack is often due to a flaw or vulnerability in the system. If the compliance of the entire system is not guaranteed, it remains vulnerable. Standardizing security policies is therefore a priority for securing all of your IT assets.

Implement these good practices:

Active Directory allows you to set up Group Policy Objects (GPOs) that define the security policies deployed on all workstations in a domain. This lets you, for example, disable automatic execution or limit incoming and outgoing flows on workstations.

Defining a software restriction policy (SRP or AppLocker) allows you to define the authorized software and block execution from unknown devices. Without even realizing it, the user is restricted in what they can do on the workstation and is much less likely to accidentally compromise the integrity of the network.

Network segmentation, ideally by Private VLAN, is an optimal measure for network security.

As mentioned above, it is recommended to prohibit the connection of unknown USB keys. Legitimate keys (often those of the organization) whose content cannot be relied on should be forwarded to the IT department for testing on a single computer. If a key turns out to be infected, the combined use of antivirus, software restrictions and a firewall can limit the spread of the virus. Coupled with a centralized logging system (Wazuh or Splunk), this gives the IT department the feedback it needs to act accordingly. In all cases, the contents of removable media must be subject to antivirus scanning.
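To check that these measures are actually in effect on a given workstation, the following read-only audit reports on each of them. It is an added example, not code from Tranquil IT or WAPT, and it assumes Windows 10/11, an elevated session, Microsoft Defender as the antivirus, BitLocker for partition encryption and AppLocker (not SRP) for software restriction; the function names `New-Result` and `Test-WorkstationBaseline` are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of the workstation measures listed above.
# Assumes Windows 10/11 with Microsoft Defender and BitLocker; changes nothing.

function New-Result($Check, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Check; Pass = [bool]$Pass; Detail = "$Detail" }
}

function Test-WorkstationBaseline {
    # Local firewall: all three profiles (Domain, Private, Public) must be on.
    $off = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
    New-Result 'Firewall enabled on all profiles' ($off.Count -eq 0) ($off.Name -join ', ')

    # Automatic execution: 0xFF (255) disables AutoRun for every drive type.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    New-Result 'AutoRun disabled for all drives' ($val -eq 255) "NoDriveTypeAutoRun=$val"

    # Partition encryption: every volume BitLocker reports must have protection on.
    $clear = @(Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -ne 'On' })
    New-Result 'BitLocker protection on' ($clear.Count -eq 0) ($clear.MountPoint -join ', ')

    # Antivirus: Defender engine and real-time protection (assumption: Defender is the AV).
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        New-Result 'Antivirus active' ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled) `
            "Signatures: $($mp.AntivirusSignatureLastUpdated)"
    } catch {
        New-Result 'Antivirus active' $false 'Defender status unavailable; check third-party AV'
    }

    # Software restriction: AppLocker Exe rules enforced and the AppIDSvc service running.
    [xml]$policy = Get-AppLockerPolicy -Effective -Xml
    $exe = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Exe' }
    $svc = (Get-Service -Name AppIDSvc).Status
    New-Result 'AppLocker Exe rules enforced' `
        ($exe.EnforcementMode -eq 'Enabled' -and $svc -eq 'Running') `
        "Mode=$($exe.EnforcementMode); AppIDSvc=$svc"
}

Test-WorkstationBaseline | Format-Table -AutoSize -Wrap
```

A row with `Pass` set to `False` names the profile, volume or setting that deviates, which is the information to forward to the centralized logging system or to correct through the GPO.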

Update your fleet in a few clicks with WAPT

WAPT is an Open Source software deployment solution that allows you to install, update or uninstall your software and configurations in less than two minutes. This way you can automatically deploy your software packages to keep your IT assets up to date and quickly fix security vulnerabilities. The centralized console allows you to act remotely on the entire fleet. WAPT also allows you to schedule the deployment of software so as not to interrupt the work of employees. With more than 1,000 packages available on the store, you can easily maintain your computer equipment!

We combine our software with our expertise on Samba Active Directory, the open source equivalent of Microsoft AD, to ensure the security of your fleet. Choosing Open Source means choosing to save on licensing costs and invest in the future of software!

Do you need to keep your computer equipment up to date?

Addressing risks and applying good practices

Since the General Data Protection Regulation, both citizens and organisations have become increasingly aware of the challenges involved in securing personal data and are responsible for digital security. CyberSecMonth is also an opportunity to communicate about the dangers associated with bank data. This week you will therefore find two guides on good cybersecurity reflexes created by the French Banking Federation, an infographic on personal data designed by CLUSIF, and an infographic on ransomware from ANSSI.


Find all our recommendations on Twitter and LinkedIn under the hashtags #TousSecNum, #CyberSecMonth, #ECSM2018 and #ECSM. Also follow our hashtag #CyberConseil to keep up with Tranquil IT’s advice and discover the following graphics.
