Secure Your Endpoints

An endpoint can be any device, connected to your organization's resources. Endpoints can be managed (Laptops, Workstations or Servers) or unmanaged (Personal Mobile Phones, IOT devices).

For each category of endpoints, evaluate below guidelines and apply security measures that can help reduce the Risk in your organization.

Network Isolation

Segment and Isolate your endpoints, so they can only access the resources they actually need.

Evaluate Internet Access

Not every device needs access to the internet, only allow laptops and workstations, with authenticated users access to the internet.

Evaluate on a case-by-case if a non-authenticated device needs Internet Access, and limit the access to the strict minimum.

Install Antivirus and Host-Based Firewalls

Make sure every endpoint has an Antivirus and a local host based Firewall installed.

Disable the use of removable media, and any auto-run.

Removable Media (USB Drives, CD/DVD,...) can introduce many risks into an organization.

  • - Evaluate if removable media is needed
  • - Evaluate if you can enforce encryption on removable media
  • - Always disable any auto-run or auto-start features

Only install / enable the services your require

To achieve this basic security configuration you should only install and use the services required to support your operations. This means that you should remove and disable all unnecessary components.

TASK

Only install and use required services and components

TASK

Disable Auto-Run

TASK

Have an active and up-to-date host-based firewall on internet connected servers and workstations.