Securing workstations #CyberSecMonth
Addressing risks and applying good practices
Since the General Data Protection Regulation (GDPR) came into force, both citizens and organisations have become increasingly aware of the challenges involved in securing personal data and of their responsibility for digital security. CyberSecMonth is also an opportunity to communicate about the dangers associated with bank data. This week you will therefore find two guides on good cybersecurity reflexes created by the French Banking Federation, an infographic on personal data designed by CLUSIF, and an infographic on ransomware from ANSSI.
Protect your computer equipment by securing workstations
A user who is not well informed about good IT security practices can become the gateway to a malicious cyber attack. A workstation with a security vulnerability or few restrictions can therefore compromise the entire information system.
The measures to be taken:
Secure the entire IT infrastructure:
Implementing a minimum level of security throughout the entire IT infrastructure helps to counter or mitigate employee mistakes. It is therefore up to the IT department to limit the applications installed on computers. It is also advisable to activate the local firewall and install anti-virus software on each workstation. Encrypting the partitions where the data is located and disabling automatic execution are also good practices. Items that have to deviate from the rule (for example, for compatibility reasons) must be isolated from the rest of the system. Workstations and servers holding sensitive data must be backed up regularly on disconnected equipment.
An attacker will seek to extend the intrusion to several workstations in order to reach sensitive information. Activating local firewalls via specialized software thwarts or slows down this movement from one workstation to another.
Protect yourself from removable media:
Removable media pose a threat to organizations as they can be easily misused. It is possible to spread viruses, steal sensitive information, and even compromise the network with a contaminated device. The Chief Information Systems Security Officer (CISSO) must make employees aware of the risks posed by these media.
Encrypt the company’s data flows:
It is essential to guarantee the security of data passing through the Internet. All data transmitted or hosted online must therefore pass through secure communication channels (SSL/TLS or VPN tunnels). It is the CISSO's responsibility to ensure that these channels are encrypted and robust.
Apply security policies:
A cyber attack is often due to a flaw or vulnerability in the system. If the compliance of the entire system is not guaranteed, it remains vulnerable. Standardizing security policies is therefore a priority when securing an entire IT estate.
Implement these good practices:
Active Directory allows you to set up Group Policy Objects (GPOs) that define the security policies deployed on all workstations in the domain. For example, a GPO can disable automatic execution or limit incoming and outgoing flows on workstations.
Defining a software restriction policy (SRP or AppLocker) allows you to specify the authorized software and block execution from unknown devices. Without even realizing it, users are restricted in what they can do on the workstation, which makes it difficult for them to accidentally compromise the integrity of the network.
Network segmentation, ideally by Private VLAN, is an optimal measure for network security.
As mentioned above, it is recommended to prohibit the connection of unknown USB keys. Legitimate keys (often those of the organization) whose content cannot be relied on should be forwarded to the IT department for testing on a single computer. If a key turns out to be infected, the combined use of antivirus, software restrictions and a firewall can limit the spread of the virus. Coupled with a centralized logging system (Wazuh or Splunk), these measures give the IT department feedback on which it can act. In all cases, the contents of removable media must be subject to antivirus scanning.
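The measures listed above can be checked on an individual workstation with a read-only audit. The script below is an added example, not part of the original article or of WAPT. It assumes a Windows 10/11 workstation, an elevated PowerShell session, and Microsoft Defender as the antivirus; the function names are hypothetical.

```powershell
# Added example: read-only audit of the workstation measures described above.
# Assumptions: Windows 10/11, elevated session, Microsoft Defender as antivirus.

function Get-RegValue($Path, $Name) {
    # Return $null instead of raising an error when the key or value is absent
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Test-WorkstationBaseline {
    $results = [ordered]@{}

    # Local firewall: Domain, Private and Public profiles must all be enabled
    $off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
    $results['Firewall enabled on all profiles'] = (@($off).Count -eq 0)

    # Automatic execution: 255 (0xFF) disables AutoRun for every drive type
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $results['AutoRun disabled for all drives'] =
        ((Get-RegValue $key 'NoDriveTypeAutoRun') -eq 255)

    # Antivirus: real-time protection must be active (Defender only)
    try   { $mp = Get-MpComputerStatus -ErrorAction Stop } catch { $mp = $null }
    $results['Antivirus real-time protection'] =
        [bool]($mp -and $mp.RealTimeProtectionEnabled)

    # Partition encryption: no BitLocker-capable volume may be unprotected
    try   { $clear = Get-BitLockerVolume -ErrorAction Stop |
                Where-Object { $_.ProtectionStatus -ne 'On' }
            $results['All volumes encrypted'] = (@($clear).Count -eq 0) }
    catch { $results['All volumes encrypted'] = $false }

    # AppLocker: executable rules must be enforced, not merely audited,
    # and the Application Identity service must run for rules to apply
    $exe = (Get-AppLockerPolicy -Effective).RuleCollections | Where-Object {
        $_.RuleCollectionType -eq 'Exe' -and $_.EnforcementMode -eq 'Enabled' }
    $svc = Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue
    $results['AppLocker Exe rules enforced'] =
        [bool]($exe -and $svc -and $svc.Status -eq 'Running')

    # One object per check, suitable for export to a central log collector
    $results.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Compliant = $_.Value }
    }
}

Test-WorkstationBaseline | Format-Table -AutoSize
```

A check reported as non-compliant on a domain-joined workstation usually means the corresponding GPO is missing or not applied to that machine.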
Update your fleet in a few clicks with WAPT
WAPT is an Open Source software deployment solution that allows you to install, update or uninstall your software and configurations in less than two minutes. This way you can automatically deploy your software packages to keep your IT assets up to date and quickly fix security vulnerabilities. The centralized console allows you to act remotely on the entire fleet. WAPT also allows you to schedule the deployment of software so as not to interrupt the work of employees. With more than 1,000 packages available on the store, you can easily maintain your computer equipment!
We combine our software with our expertise on Samba Active Directory, the open source equivalent of Microsoft AD, to ensure the security of your fleet. Choosing Open Source means choosing to save on licensing costs and invest in the future of software!
Who to follow during #CyberSecMonth?
Find all our recommendations on Twitter and LinkedIn under the hashtags #TousSecNum, #CyberSecMonth, #ECSM2018 and #ECSM. Also follow our hashtag #CyberConseil for Tranquil IT's advice and infographics.