20 days to a more secure enterprise

Desktop administrators can improve the security of their organizations by doing a little each day. Learn how small steps can help you keep up.

Security isn't something you do once and then forget about -- it's a process, a habitual way of looking at things.

This mind-set can be difficult to get into, but one way to do it is to create a schedule of things to audit and do that regularly. Here's a list of things you can do over the course of 20 days that will make for more secure desktops -- and an overall more secure enterprise. You can revisit this updated list once or twice a year as needed, or even more often if you must.

Week 1

  • Monday
    Evaluate the "password last changed date" for all the user accounts on your domain controllers. Pay particular attention to administrative accounts because they are not subject to the standard password-change policy.
    Suggested tool: Dumpsec
  • Tuesday
    Check the password strength of user accounts. Run a dictionary attack against the password hashes, and identify those that are easy to crack. Force password changes as necessary.
    Suggested tool: Cain & Abel
  • Wednesday
    Make sure your antivirus definitions are up to date, and check to see if your chosen antivirus suite remains up to snuff.
    More information: AV-Comparatives
  • Thursday
    Review corporate firewall logs, and look for any unusual activity. Also, consider reviewing firewall logs for key laptop systems.
    More information: Best practices for log monitoring
  • Friday
    Review security logs on your domain controllers. Look for successful connections from accounts that shouldn't be in use and for multiple failed connections that could indicate an attempt to guess a password.
    More information: List of Windows security log events
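
One way to run Friday's failed-logon review, shown as an added example that is not part of the original article. The function names, the threshold of 5 failures in 10 minutes and the sample addresses are assumptions made for illustration.

```powershell
# Added example. Event ID 4625 is the failed-logon event on Windows Vista /
# Server 2008 and later; run from an elevated session on the domain controller.
function Get-FailedLogon {
    param([datetime] $Since = (Get-Date).AddDays(-1))
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } |
        ForEach-Object {
            $evt = $_; $data = @{}
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                TimeCreated    = $evt.TimeCreated
                TargetUserName = $data['TargetUserName']
                IpAddress      = $data['IpAddress']
            }
        }
}

# Report each source address with $Threshold or more failures inside $WindowMinutes.
function Find-FailedLogonBurst {
    param([object[]] $Events, [int] $Threshold = 5, [int] $WindowMinutes = 10)  # assumed defaults
    if (-not $Events) { return }
    foreach ($group in ($Events | Group-Object IpAddress)) {
        $sorted = @($group.Group | Sort-Object TimeCreated)
        for ($i = 0; $i + $Threshold -le $sorted.Count; $i++) {
            $span = $sorted[$i + $Threshold - 1].TimeCreated - $sorted[$i].TimeCreated
            if ($span.TotalMinutes -le $WindowMinutes) {
                [pscustomobject]@{
                    IpAddress = $group.Name
                    Failures  = $sorted.Count
                    Accounts  = ($sorted | Select-Object -ExpandProperty TargetUserName -Unique) -join ', '
                    FirstSeen = $sorted[0].TimeCreated
                }
                break   # one report per source address is enough
            }
        }
    }
}

# Constructed sample: six failures in 2.5 minutes from one address, one stray failure from another.
$t0 = Get-Date '2024-01-15T09:00:00'
$sample = @(0..5 | ForEach-Object {
    [pscustomobject]@{ TimeCreated = $t0.AddSeconds(30 * $_); TargetUserName = "user$_"; IpAddress = '10.0.0.50' }
})
$sample += [pscustomobject]@{ TimeCreated = $t0; TargetUserName = 'alice'; IpAddress = '10.0.0.7' }
Find-FailedLogonBurst -Events $sample
# Live data: Find-FailedLogonBurst -Events (Get-FailedLogon)
```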

Week 2

  • Monday
    Implement stronger password-creation rules on your domain controllers.
    Suggested tool: Passfault
  • Tuesday
    Scan the internal network, and look for any unauthorized Web servers. Scan for TCP Ports 80 and 443. Shut down any Web servers that aren't approved.
    Suggested tool: Superscan
  • Wednesday
    Read the latest Microsoft security bulletins, and prioritize for deployment. (The second Tuesday of a given month is Microsoft's patch-release day, so you may want to make this the Wednesday before that Thursday, if possible.)
    More information: "Seven steps to structuring patch management"
  • Thursday
    Examine your systems for any evidence of "autoadminlogon" data. Check to see if the user's password is listed in the registry in plain text. Disable autoadminlogon unless explicitly needed for your business.
    More information: "Turning on the automatic logon in Windows XP" and "Turning on the automatic logon in Windows 7"
  • Friday
    Review malware logs. If using Windows Defender, check the System Event Log for "windefend" items.
    More information: Windows Defender technical overview
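
Thursday's automatic-logon check can be scripted as below. This is an added example, not code from the original article; the function names are illustrative, and the script only reports whether a plain-text password value exists without printing it.

```powershell
# Added example: report and optionally disable Winlogon automatic logon on the local machine.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonStatus {
    param([string] $Path = $winlogon)
    $props = Get-ItemProperty -Path $Path
    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        AutoAdminLogon       = ($props.AutoAdminLogon -eq '1')   # stored as the string "1" when enabled
        DefaultUserName      = $props.DefaultUserName
        DefaultDomainName    = $props.DefaultDomainName
        # True when the DefaultPassword value is present in clear text.
        # If AutoAdminLogon is on and this is False, the password may be held as an LSA secret instead.
        PlaintextPasswordSet = -not [string]::IsNullOrEmpty($props.DefaultPassword)
    }
}

function Disable-AutoLogon {
    [CmdletBinding(SupportsShouldProcess)]
    param([string] $Path = $winlogon)
    if ($PSCmdlet.ShouldProcess($Path, 'Disable AutoAdminLogon and remove DefaultPassword')) {
        Set-ItemProperty -Path $Path -Name AutoAdminLogon -Value '0'
        Remove-ItemProperty -Path $Path -Name DefaultPassword -ErrorAction SilentlyContinue
    }
}

Get-AutoLogonStatus
# Preview the change first, then rerun without -WhatIf from an elevated session:
# Disable-AutoLogon -WhatIf
```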

Week 3

  • Monday
    Evaluate the last login dates for user accounts. Identify accounts that are still active but haven't logged in for six months or more. Disable these accounts where appropriate. (Make sure to scan all domain controllers to get accurate last login data.)
    Suggested tool: Dumpsec
  • Tuesday
    Check the patch status of your third-party applications, such as Sun Java, Mozilla Firefox, Adobe Reader and Apple iTunes.
    Available tools: PatchManagement.org list of vendors
  • Wednesday
    Look for dual-homed machines on the network that may be connected to two networks at the same time, bypassing the corporate firewalls or routers. Look for machines with multiple network interface cards, with different Media Access Control (MAC) addresses or protocols. Also, keep an eye out for virtual machines that might have randomly generated MAC addresses and which appear and disappear as they are instantiated and shut down.
    Suggested tool: Getmac (part of the operating system)
  • Thursday
    Start deploying patches to your systems.
    Available tools: PatchManagement.org list of vendors
  • Friday
    Review the local administrator group on each workstation, server and domain controller. Identify any user accounts that shouldn't be included in this group. Make sure to look at membership of global groups that may be referenced in the local group.
    Suggested tool: Dumpsec
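
Monday's reminder to scan every domain controller matters because the `lastLogon` attribute is not replicated between domain controllers. The added example below (not from the original article) takes the most recent value seen on any of them; it assumes the ActiveDirectory PowerShell module is installed and every domain controller is reachable, and the function name is illustrative.

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-StaleAccount {
    param([int] $Days = 180)   # roughly the "six months or more" from the checklist
    $cutoff = (Get-Date).AddDays(-$Days)
    $latest = @{}              # DistinguishedName -> newest lastLogon seen on any DC

    foreach ($dc in Get-ADDomainController -Filter *) {
        Get-ADUser -Filter 'Enabled -eq $true' -Server $dc.HostName -Properties lastLogon |
            ForEach-Object {
                $stamp = [long]$_.lastLogon   # an unset attribute becomes 0
                $dn = $_.DistinguishedName
                if (-not $latest.ContainsKey($dn) -or $stamp -gt $latest[$dn].Stamp) {
                    $latest[$dn] = [pscustomobject]@{ Name = $_.SamAccountName; Stamp = $stamp }
                }
            }
    }

    foreach ($entry in $latest.Values) {
        # lastLogon is a Windows FILETIME; 0 means no logon was recorded on any DC
        $when = if ($entry.Stamp -gt 0) { [datetime]::FromFileTime($entry.Stamp) } else { $null }
        if (-not $when -or $when -lt $cutoff) {
            [pscustomobject]@{ SamAccountName = $entry.Name; LastLogon = $when }
        }
    }
}

# Review the list before disabling anything; service accounts may legitimately never log on interactively.
Get-StaleAccount | Sort-Object LastLogon | Format-Table -AutoSize
```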

Week 4

  • Monday
    Scan the network to check on the status of the Microsoft and third-party patch deployments.
    Available tools: PatchManagement.org list of vendors
  • Tuesday
    Scan the network, and locate unapproved instances of Microsoft SQL Server. Look for the presence of TCP Port 1433. Shut down any unapproved SQL servers.
    Suggested tool: Nmap
  • Wednesday
    Review your domain controller group policy settings for the Windows Firewall. Ensure that all the firewall settings for each location are properly set.
    More information: "How to deploy Windows XP firewall settings with Group Policy" and "How to control the Windows 7 firewall with a Group Policy Object" (for Windows 7)
  • Thursday
    Run the Microsoft Malicious Software Removal Tool on your desktop systems.
    Download (32 bit) and Download (64 bit)
  • Friday
    Review your corporate security policies, and make sure they reflect your current needs.
    More information: SANS Security Policy Project

Rinse and repeat every month, and you'll have a more secure desktop environment in no time!

This was first published in November 2009
