5.5 Workstations & Endpoints
5.5 Workstations & Endpoints
-
Configuration Standards:
-
a. Disable Windows Management Instrumentation (WMI), PowerShell, and Secure Shell (SSH) on workstations. SSH may be temporarily enabled by a DTC technician for troubleshooting and disabled upon task completion.
-
b. Enable SSH on servers for secure remote management.
-
Incident Response Integration:
-
c. Deploy Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) agents across all compute resources.
-
d. Ensure continuous monitoring and analysis of endpoint activities to detect and respond to potential threats.
-
e. Facilitate collaboration between EDR/MDR solutions and the Security Operations Center (SOC) to coordinate rapid incident response and remediation effortsVPN Clients
-
-
-
• VPN Clients and Roaming Content Filtering
o. g. Deploy appropriate VPN clients or DNS roaming agents on laptops to filter content and protect users from malicious activity.
-
Account Lockout Policy:
-
h. Trigger a 5-minute lockout period after 10 failed login attempts.
-
-
Screen Lock Policy:
-
i. Activate screen lock after 12 hours of inactivity.
-
-
Software Maintenance:
-
j. Deploy operating system patches according to the schedule. See Technical Controls
-
k. Install drivers according to the schedule. See Technical Controls
-
l. Deploy essential third-party applications according to the schedule. See Technical Controls
-
m. Install Line of Business (LOB) applications according to the schedule. See Technical Controls.
-
- Application Allowlist Blocklist:
- n. DTC does not enforce application allowlisting or blocklisting unless explicitly consulted. Applications deployed by the client are the client's responsibility. However, we are happy to collaborate and take appropriate action if the client provides a documented allowlist and blocklist
- o. Microsoft Co-Pilot is disabled by default on all Windows Endpoints.
Technical Controls:
| Control ID | Description | Tools/Methods |
|---|---|---|
| a | Disable WMI, PowerShell, and SSH on workstations; enable SSH temporarily for troubleshooting. | NinjaOne RMM, Microsoft Windows PowerShell, Client Specific SOP |
| b | Enable SSH on servers for secure remote management. | NinjaOne RMM |
| c |
Deploy Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) agents across all compute resources. |
NinjaRMM, Blackpoint SNAP Agent |
| d | Ensure continuous monitoring and analysis of endpoint activities to detect and respond to potential threats. | Blackpoint SNAP Agent |
| e | Facilitate collaboration between EDR/MDR solutions and the Security Operations Center (SOC) to coordinate rapid incident response and remediation efforts. | Blackpiont SNAP Agent |
| f | Deploy relevant VPN Clients for clients remote access. | ZeroTier, Cloudflare WARP |
| g | Deploy relevant VPN Clients or DNS Roaming Agents on laptops to filter content and protect the user from triggering malicious activity. | DNSFilter Roaming Agent |
| h | Implement a 5-minute lockout after 10 failed login attempts. | NinjaOne RMM |
| I | Activate screen lock after 12 hours of inactivity. | NinjaOne RMM |
| j | Deploy operating system patches as per schedule. | NinjaOne RMM, Windows OS Patching |
| k | Install drivers according to the deployment schedule. | NinjaOne RMM, Windows Driver Patching |
| l | Deploy essential third-party applications per schedule. | NinjaOne RMM, WIndows 3rd Party Patching |
| m | Install Line of Business (LOB) applications as scheduled. | NinjaOne RMM, Client Specific SOP |
| n | Application Allowlist blocklist | N/A |
| o | Microsoft Windows Copilot is disabled by default on all Windows Endpoints | NinjaOne RMM |
No comments to display
No comments to display