Workstation and User Security

avatar
Created by
Emmanuel

Cards (30)

  • Certain applications require administrator login, bypassing User Account Control (UAC).
  • User Account Control (UAC) prevents malware from executing as an administrator on the machine.
  • BitLocker: Encrypts the hard drive on the machine.
  • BitLocker To Go: Drive Encryption on removable drives.
  • Bitlocker: Encryption key is stored in a specialised chip called Trusted Platform Module (TPM).
  • Encrypting File System (EFS): Encryption for a file or folder.
  • Data-at-rest encryption: Use a bitlocker or EFS to encrypt data stored on the computer.
  • Complexity requirements: Password Length 8-10 minimum.
  • Character types: Mixture of all characters on keyboard.
  • Expiration requirements: Expire every 60-90 days.
  • Secure critical hardware (cable locks).
  • Secure personally identifiable information and passwords.
  • Disable Autorun and Autoplay (virus does not execute automatically if a malicious usb stick is plugged into the computer).
  • Data-at-rest encryption involves using tools like Bitlocker or EFS to encrypt data stored on a computer, ensuring that the data remains secure even if the physical device is compromised.
  • Password best practices include complexity requirements such as a minimum length of 8-10 characters and a mixture of all character types on the keyboard.
  • Expiration requirements for passwords typically involve setting them to expire every 60-90 days to enhance security.
  • End-users can practice security measures by using screensaver lock, logging off when not in use, securing critical hardware with cable locks, securing personally identifiable information and passwords, and disabling Autorun and Autoplay.
  • Setting a BIOS or UEFI password helps to secure the computer at a hardware level, preventing unauthorized access to the system settings and boot process.
  • Prevent Bios changes: Set a BIOS or UEFI Password.
  • Data-at-rest encryption: Encrypting data stored on a persistent storage device.
  • Maximum password age setting: Setting that forces users to change passwords regularly.
  •  USB locks: Locks the USB ports on the computer or removal of external USB devices.
  • Privacy filter: Prevent shoulder surfing by narrowing the viewing angle.
  • Restrict user administrative privileges to operating systems and applications based on user duties.
  • Autorun: An old feature that automatically Launch programs from inserted storage devices.
  • Minimum password age setting: Prevents users from bypassing password history policy requirements. (Reusing passwords they've used in the past).
  • Screen lock: A screen lock is a password-protected screensaver.
  • Invoke Sign-in screen: Windows Logo + L
  • Clean desk policy: Login information is not left on the desk.
  • Autoplay: A pop-up box that asks what a user would like to do with a removable storage drive.