Secure Your Endpoints

An endpoint can be any device, connected to your organizations resources. Endpoints can be managed (Laptops, Workstations or Severs) or unmanaged (Personal Mobile Phones, IOT-Devices

For each collection of endpoints, evaluate below guidelines and apply security measures that can help reduce the Risk in your organization

Network Isolation

Segment and Isolate your endpoints, so they can only access the resoruces they actually need

Evaluate Internet Access

Not every device needs access to the internet, only allow laptops and workstations, with authenticated users access to the internet

Evaluate on a case-by-case if a non-authenticated device needs Internet Access, and limit the access to the strict minimum

Install Antivirus and Host-Based Firewalls

Make sure every endpoint has an AntiVirus, and a local Host-Based Firewall installed

Disable the use of removable media, and any auto-run.

Removable Media (USB Drives, CD/DVD-Rom,...) can introduce many risks into an organisation

  • - Evaluate if removable media is needed
  • - Evaluate if you can enforce encryption on removable media
  • - Always disable any auto-run or auto-start features

Only Install / Enable the services your require

To achieve this basic security configuration you should only install and use the services required to fulfil their role. This means that you should remove and disable all unnecessary components.


Only install and use required services and components


Disable Auto-Run


Have an active and up-to-date host-based firewall on internet connected servers and workstations.