5.5 Workstations & Endpoints

Configuration Standards:
- a. Disable Windows Management Instrumentation (WMI), PowerShell, and Secure Shell (SSH) on workstations. SSH may be temporarily enabled by a DTC technician for troubleshooting and disabled upon task completion.
- b. Enable SSH on servers for secure remote management.

~~Security~~Incident ~~Agents:~~Response Integration:
- c. Deploy Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) oragents ~~Endpoint~~across ~~Detection~~all ~~and~~compute ~~Response (EDR) agents.~~resources.
- d. ~~Install~~Ensure ~~VPN~~continuous ~~clients~~monitoring ~~where~~and ~~applicable.~~analysis of endpoint activities to detect and respond to potential threats.
- e. Facilitate collaboration between EDR/MDR solutions and the Security Operations Center (SOC) to coordinate rapid incident response and remediation efforts.

VPN Clients
- f. Deploy relevant VPN Clients for clients remote access.

Roaming Content Filter
- g. Deploy relevant VPN Clients or DNS ~~content~~Roaming ~~filtering agents~~Agents on ~~laptops.~~
  laptops to filter content and protect the user from triggering malicious activity.

User Lockout Policy:

f.h. Trigger a 5-minute lockout period after 10 failed login attempts.

Screen Lock Policy:

g.i. Activate screen lock after 12 hours of inactivity.

Software Maintenance:

h.j. Deploy operating system patches according to the schedule. See Technical Controls
I.k. Install drivers according to the schedule. See Technical Controls
j.l. Deploy essential third-party applications according to the schedule. See Technical Controls
k.m. Install Line of Business (LOB) applications according to the schedule. See Technical Controls.

Application Allowlist Blocklist:

l.n. DTC does not enforce application allowlisting or blocklisting unless consulted with! Any applications deployed by the client is the responsibility of the client. We can work together though and take action to resolve these situations if the client has a documented allowlist and blocklist.

Technical Controls:

Control ID	Description	Tools/Methods
a	Disable WMI, PowerShell, and SSH on workstations; enable SSH temporarily for troubleshooting.	NinjaOne RMM, Microsoft Windows PowerShell, SOP
b	Enable SSH on servers for secure remote management.	NinjaOne RMM
c	Deploy ~~MDR/EDR~~Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) agents onacross ~~endpoints.~~all compute resources.	~~NinjaOne~~ ~~RMM,~~NinjaRMM, Blackpoint SNAP Agent
d	~~Install~~Ensure ~~VPN~~continuous ~~clients~~monitoring ~~where~~and ~~applicable.~~analysis of endpoint activities to detect and respond to potential threats.	~~NinjaOne~~Blackpoint ~~RMM,~~SNAP ~~Cloudflare WARP, ZeroTier~~Agent
e	~~Deploy~~Facilitate ~~DNS~~collaboration ~~content~~between ~~filtering~~EDR/MDR ~~agents~~solutions onand ~~laptops.~~the Security Operations Center (SOC) to coordinate rapid incident response and remediation efforts.	~~NinjaOne~~Blackpiont ~~RMM,~~SNAP Agent
f	Deploy relevant VPN Clients for clients remote access.	ZeroTier, Cloudflare WARP
g	Deploy relevant VPN Clients or DNS Roaming Agents on laptops to filter content and protect the user from triggering malicious activity.	DNSFilter Roaming Agent
fh	Implement a 5-minute lockout after 10 failed login attempts.	NinjaOne ~~RMM, Internet Access~~RMM
gI	Activate screen lock after 12 hours of inactivity.	NinjaOne ~~RMM, Internet Access~~RMM
hj	Deploy operating system patches as per schedule.	NinjaOne ~~RMM, Internet Access, SOP~~RMM
Ik	Install drivers according to the deployment schedule.	NinjaOne ~~RMM, Internet Access SOP~~RMM
jl	Deploy essential third-party applications per schedule.	NinjaOne ~~RMM, Internet Access, SOP~~RMM
km	Install Line of Business (LOB) applications as scheduled.	NinjaOne ~~RMM, Internet Access, SOP~~RMM
l.n	Application Allowlist blocklist	N/A