Secure Your Endpoints
An endpoint can be any device, connected to your organizations resources. Endpoints can be managed (Laptops, Workstations or Severs) or unmanaged (Personal Mobile Phones, IOT-Devices
For each collection of endpoints, evaluate below guidelines and apply security measures that can help reduce the Risk in your organization
Segment and Isolate your endpoints, so they can only access the resoruces they actually need
Evaluate Internet Access
Not every device needs access to the internet, only allow laptops and workstations, with authenticated users access to the internet
Evaluate on a case-by-case if a non-authenticated device needs Internet Access, and limit the access to the strict minimum
Install Antivirus and Host-Based Firewalls
Make sure every endpoint has an AntiVirus, and a local Host-Based Firewall installed
Disable the use of removable media, and any auto-run.
Removable Media (USB Drives, CD/DVD-Rom,...) can introduce many risks into an organisation
- - Evaluate if removable media is needed
- - Evaluate if you can enforce encryption on removable media
- - Always disable any auto-run or auto-start features
Only Install / Enable the services your require
To achieve this basic security configuration you should only install and use the services required to fulfil their role. This means that you should remove and disable all unnecessary components.