Secure Your Endpoints
An endpoint can be any device, connected to your organization's resources. Endpoints can be managed (Laptops, Workstations or Servers) or unmanaged (Personal Mobile Phones, IOT devices).
For each category of endpoints, evaluate below guidelines and apply security measures that can help reduce the Risk in your organization.
Network Isolation
Segment and Isolate your endpoints, so they can only access the resources they actually need.
Evaluate Internet Access
Not every device needs access to the internet, only allow laptops and workstations, with authenticated users access to the internet.
Evaluate on a case-by-case if a non-authenticated device needs Internet Access, and limit the access to the strict minimum.
Install Antivirus and Host-Based Firewalls
Make sure every endpoint has an Antivirus and a local host based Firewall installed.
Disable the use of removable media, and any auto-run.
Removable Media (USB Drives, CD/DVD,...) can introduce many risks into an organization.
- - Evaluate if removable media is needed
- - Evaluate if you can enforce encryption on removable media
- - Always disable any auto-run or auto-start features
Only install / enable the services your require
To achieve this basic security configuration you should only install and use the services required to support your operations. This means that you should remove and disable all unnecessary components.