Combating Threats with Workstation Configuration Management
Made possible by:
© 2011 Monterey Technology Group Inc.
Preview of Key Points
• Poll
• Business drivers
• Key technical issues
• Workstation security is different than server security
• Group policy
  • Where it works
  • Where it stops
• Configuration management is only one piece of endpoint security
Business Drivers
• Compliance mandates
• Workstations focus of today's threats
Business driver: compliance mandates
• Federal Desktop Core Configuration
• Office of Management and Budget M-06-16 Mandate
• Payment Card Industry Data Security Standard
Business driver: endpoint focus of today’s threats
• Workstation re-emerged as the weak link
• Workstation initial, tactical target
• Endpoints are especially vulnerable
• Compromised endpoint provides a beachhead
Key Technical Issues
Lingering misconception that workstations are not as important to security as servers are
• Workstations are in fact a critical part of the overall trusted computing base within an organization just like servers, storage devices and routers
Key Technical Issues
Workstation security is different than server security
Server security is about
• Network intrusion
• Access control
Workstation security is more about
• Interactive GUI usage
• Non-technical end user behavior
• Malicious content being parsed and processed
• Physical security
Key Technical Issues
• Configuration management is the foundation of endpoint security
• All other endpoint security technologies can be compromised or circumvented if the operating system itself is insecure
[Diagram labels: Operating System; Encryption, Patch, AV, Application Whitelisting, etc.]
Group Policy: An Important Part of the Solution
• Where it works
• Where it stops
Where Group Policy Works
• Core configuration
• No-brainer
• Don’t use anything else
• Understand how to scope group policy with groups instead of OUs
• Use the Results Wizard to double check
• Use import/export for change management
• Use auditing to monitor for changes in group policy
Where Group Policy Stops
1. Unsupported Security Settings
2. Managed Execution of Custom Scripts
3. Visibility and Reporting
1. Unsupported Security Settings
• Password filters
• Application settings
• BIOS configuration
• “Preferences”
2. Managed Execution of Custom Scripts
• Lots of things that can only be configured from the command line
  • BitLocker, TPM, some advanced audit policies
• Logon and Startup scripts
  • How to run only once?
  • Did it run?
  • When will it run?
3. Visibility and Reporting
• Is group policy broken?
• Is it being applied as expected?
• Even Group Policy Modeling Wizard operates under some assumptions
• Results Wizard only shows one computer?
Bottom Line
• Endpoint security should be priority one for most infosec organizations today
• Workstation configuration management is the foundation
• Group policy only part of the solution
• Endpoint security includes so many more pieces on top of configuration management
• Comprehensive, unified solution needed
6 – Relating Risk to the Business
Lumension® Endpoint Management and Security Suite