Combating Threats with Workstation Configuration Management Made possible by: © 2011 Monterey Technology Group Inc.


Brought to you by

Speaker: Russ Ernst & Rene Gonzalez

www.lumension.com

Preview of Key Points

• Poll
• Business drivers
• Key technical issues
• Workstation security is different than server security
• Group policy
  • Where it works
  • Where it stops
• Configuration management is only one piece of endpoint security

Business Drivers

• Compliance mandates
• Workstations focus of today's threats

Business driver: compliance mandates

• Federal Desktop Core Configuration
• Office of Management and Budget M-06-16 Mandate
• Payment Card Industry Data Security Standard

Business driver: endpoint focus of today’s threats

• Workstation re-emerged as the weak link
• Workstation initial, tactical target
• Endpoints are especially vulnerable
• Compromised endpoint provides a beachhead


Key Technical Issues


Lingering misconception that workstations are not as important to security as servers are

• Workstations are in fact a critical part of the overall trusted computing base within an organization just like servers, storage devices and routers

Key Technical Issues

Workstation security is different than server security

Server security is about
• Network intrusion
• Access control

Workstation security more about
• Interactive GUI usage
• Non technical end user behavior
• Malicious content being parsed and processed
• Physical security

Key Technical Issues

• Configuration management is the foundation of endpoint security
• All other endpoint security technologies can be compromised or circumvented if the operating system itself is insecure

[Diagram: Encryption, Patch, AV, Application Whitelisting, etc. layered on top of the Operating System]

Group Policy: An Important Part of the Solution

• Where it works
• Where it stops

Where Group Policy Works

• Core configuration
• No brainer
• Don’t use anything else
• Understand how to scope group policy with groups instead of OUs
• Use the Results Wizard to double check
• Use import/export for change management
• Use auditing to monitor for changes in group policy

Where Group Policy Stops


1. Unsupported Security Settings

2. Managed Execution of Custom Scripts

3. Visibility and Reporting

1. Unsupported Security Settings

• Password filters
• Application settings
• BIOS configuration
• “Preferences”

2. Managed Execution of Custom Scripts

• Lots of things that can only be configured from the command line
  • BitLocker, TPM, some advanced audit policies
• Logon and Startup scripts
  • How to run only once?
  • Did it run?
  • When will it run?
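
An added example (not from the presentation or from any vendor product) of a Windows PowerShell startup-script wrapper that addresses the first two questions above: it applies a command-line-only setting exactly once per task id and leaves evidence of the outcome. The registry key, event source and task id are hypothetical names; the audit subcategory is just one illustration of a setting applied with auditpol.exe.

```powershell
# Run-once wrapper for a Group Policy startup script (runs as SYSTEM at boot).
# All names below are assumptions made for this example.
param(
    [string]$TaskId   = 'audit-process-creation-v1',              # hypothetical; change to force a re-run
    [string]$StateKey = 'HKLM:\SOFTWARE\ExampleCorp\RunOnceTasks' # hypothetical marker location
)
$Source = 'ExampleCorpStartup'                                    # hypothetical event source

# The work item: an advanced audit subcategory set from the command line.
$Task = {
    & auditpol.exe /set /subcategory:"Process Creation" /success:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol exited with code $LASTEXITCODE" }
}

# Make sure the event source and the marker key exist.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName Application -Source $Source
}
if (-not (Test-Path $StateKey)) { New-Item -Path $StateKey -Force | Out-Null }

# "How to run only once?" Skip when a success marker for this task id exists.
# A FAILED marker does not block the next boot from retrying.
$state = Get-ItemProperty -Path $StateKey -Name $TaskId -ErrorAction SilentlyContinue
if ($state -and $state.$TaskId -like 'OK*') { return }

try {
    & $Task
    $result    = "OK $(Get-Date -Format o)"
    $entryType = 'Information'
    $eventId   = 1000
} catch {
    $result    = "FAILED $(Get-Date -Format o) $($_.Exception.Message)"
    $entryType = 'Error'
    $eventId   = 1001
}

# "Did it run?" Record the outcome where inventory and log collection can read it.
Set-ItemProperty -Path $StateKey -Name $TaskId -Value $result
Write-EventLog -LogName Application -Source $Source -EventId $eventId `
    -EntryType $entryType -Message "$TaskId : $result"
```

Collecting the marker value or the two event ids from every workstation shows which machines applied the setting, which failed, and which have not yet rebooted.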

3. Visibility and Reporting

• Is group policy broken?
• Is it being applied as expected?
• Even Group Policy Modeling Wizard operates under some assumptions
• Results Wizard only shows one computer?

Bottom Line

• Endpoint security should be priority one for most infosec organizations today
• Workstation configuration management is the foundation
• Group policy only part of the solution
• Endpoint security includes so many more pieces on top of configuration management
• Comprehensive, unified solution needed


6 – Relating Risk to the Business

Lumension® Endpoint Management and Security Suite
