
Combating Threats with Workstation Configuration Management

In this presentation, Randy Franklin Smith from Ultimate Windows Security stands up for group policy as the “right” way to configure the bulk of workstation security settings. But for endpoint configuration management to be secure, efficient and compliant, group policy is only part of the answer. Randy will discuss the need for status visibility and reporting. In addition, there are many areas that group policy does not address; he will provide multiple examples of commands and configuration tweaks commonly required to secure endpoints for which there are no corresponding settings within group policy.

Published in: Technology

  1. Combating Threats with Workstation Configuration Management. Made possible by: © 2011 Monterey Technology Group Inc.
  2. Brought to you by www.lumension.com. Speaker: Russ Ernst & Rene Gonzalez
  3. Preview of Key Points: Poll; Business drivers; Key technical issues; Workstation security is different than server security; Group policy (where it works, where it stops); Configuration management is only one piece of endpoint security
  4. Business Drivers: Compliance mandates; Workstations focus of today's threats
  5. Business driver: compliance mandates. Federal Desktop Core Configuration; Office of Management and Budget M-06-16 Mandate; Payment Card Industry Data Security Standard
  6. Business driver: endpoint focus of today’s threats. Workstation re-emerged as the weak link; Workstation initial, tactical target; Endpoints are especially vulnerable; Compromised endpoint provides a beachhead
  9. Key Technical Issues: Lingering misconception that workstations are not as important to security as servers are. Workstations are in fact a critical part of the overall trusted computing base within an organization, just like servers, storage devices and routers
  10. Key Technical Issues: Workstation security is different than server security. Server security is about: network intrusion; access control. Workstation security is more about: interactive GUI usage; non-technical end user behavior; malicious content being parsed and processed; physical security
  11. Key Technical Issues: Configuration management is the foundation of endpoint security. All other endpoint security technologies can be compromised or circumvented if the operating system itself is insecure. [Diagram labels: Application Whitelisting, Encryption, Patch, AV, etc.; Operating System]
  12. Group Policy: An Important Part of the Solution. Where it works; Where it stops
  13. Where Group Policy Works: Core configuration; No brainer; Don’t use anything else; Understand how to scope group policy with groups instead of OUs; Use the Results Wizard to double check; Use import/export for change management; Use auditing to monitor for changes in group policy
  14. Where Group Policy Stops: 1. Unsupported Security Settings; 2. Managed Execution of Custom Scripts; 3. Visibility and Reporting
  15. 1. Unsupported Security Settings: Password filters; Application settings; BIOS configuration; “Preferences”
  16. 2. Managed Execution of Custom Scripts: Lots of things that can only be configured from the command line: BitLocker, TPM, some advanced audit policies; Logon and Startup scripts; How to run only once? Did it run? When will it run?
  17. 3. Visibility and Reporting: Is group policy broken? Is it being applied as expected? Even Group Policy Modeling Wizard operates under some assumptions; Results Wizard only shows one computer?
  18. Bottom Line: Endpoint security should be priority one for most infosec organizations today; Workstation configuration management is the foundation; Group policy only part of the solution; Endpoint security includes so many more pieces on top of configuration management; Comprehensive, unified solution needed
  19. Lumension® Endpoint Management and Security Suite 6 – Relating Risk to the Business
  20. Brought to you by www.lumension.com. Speaker: Russ Ernst & Rene Gonzalez
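
An added example for the questions slide 16 raises about startup scripts (run only once? did it run?), not code from the presentation or from any vendor: a Windows PowerShell 5.1 wrapper for a computer startup script that skips itself after a recorded success and logs every attempt to the Application event log. The registry path, task ID, event source and event ID are hypothetical, and the `auditpol` call stands in for any setting that is applied from the command line.

```powershell
# Added example: run-once wrapper for a computer startup script (runs as SYSTEM).
# Targets Windows PowerShell 5.1 (New-EventLog/Write-EventLog are not in PowerShell 7).
param(
    [string]$TaskId = 'audit-process-creation-v1'   # hypothetical ID; change it to force a re-run
)

$StateKey = "HKLM:\SOFTWARE\ExampleCorp\RunOnce\$TaskId"   # hypothetical state location
$Source   = 'ExampleCorpConfig'                            # hypothetical event source

# Register the event source on first use so outcomes land in the Application log.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName Application -Source $Source
}

# "How to run only once?" Skip when an earlier run recorded success.
$state = Get-ItemProperty -Path $StateKey -ErrorAction SilentlyContinue
if ($state -and $state.Result -eq 'Success') { return }

$result = 'Failed'; $exit = -1; $detail = ''
try {
    # Stand-in for a setting applied from the command line.
    $out    = & auditpol.exe /set /subcategory:"Process Creation" /success:enable 2>&1
    $exit   = $LASTEXITCODE
    $detail = ($out | Out-String).Trim()
    if ($exit -eq 0) { $result = 'Success' }
} catch {
    $detail = $_.Exception.Message
}

# "Did it run?" Record outcome, exit code and time where an inventory tool can read them.
New-Item -Path $StateKey -Force | Out-Null
Set-ItemProperty -Path $StateKey -Name Result   -Value $result
Set-ItemProperty -Path $StateKey -Name ExitCode -Value "$exit"
Set-ItemProperty -Path $StateKey -Name LastRun  -Value (Get-Date -Format o)

# One event per attempt; a failed run is retried at the next startup.
$type = if ($result -eq 'Success') { 'Information' } else { 'Error' }
Write-EventLog -LogName Application -Source $Source -EventId 1000 `
    -EntryType $type -Message "$TaskId result=$result exit=$exit $detail"
```

Collecting the `Result` value or event ID 1000 from every workstation gives a fleet-wide answer to "did it run?", which the per-computer Results Wizard on slide 17 does not.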
