Skip to main content

5.5 Workstations & Endpoints

5.5 Workstations & Endpoints

  • Configuration Standards:

    • a. Disable Windows Management Instrumentation (WMI), PowerShell, and Secure Shell (SSH) on workstations. SSH may be temporarily enabled by a DTC technician for troubleshooting and disabled upon task completion.

    • b. Enable SSH on servers for secure remote management.

    • Incident Response Integration:

      • c. Deploy Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) agents across all compute resources.​

      • d. Ensure continuous monitoring and analysis of endpoint activities to detect and respond to potential threats.​

      • e. Facilitate collaboration between EDR/MDR solutions and the Security Operations Center (SOC) to coordinate rapid incident response and remediation efforts.​effortsVPN Clients

  • VPN Clients
    • fg. Deploy relevant VPN Clients foror clientsDNS remoteRoaming access.Agents on laptops to filter content and protect the user from triggering malicious activity.
  • Roaming Content Filter
    • g. Deploy relevant VPN Clients or DNS Roaming Agents on laptops to filter content and protect the user from triggering malicious activity.

  • User Lockout Policy:

    • h. Trigger a 5-minute lockout period after 10 failed login attempts.

  • Screen Lock Policy:

    • i. Activate screen lock after 12 hours of inactivity.

  • Software Maintenance:

    • j. Deploy operating system patches according to the schedule. See Technical Controls

    • k. Install drivers according to the schedule. See Technical Controls

    • l. Deploy essential third-party applications according to the schedule. See Technical Controls

    • m. Install Line of Business (LOB) applications according to the schedule. See Technical Controls.

  • Application Allowlist Blocklist:
    • n. DTC does not enforce application allowlisting or blocklisting unless consulted with! Any applications deployed by the client is the responsibility of the client. We can work together though and take action to resolve these situations if the client has a documented allowlist and blocklist.

    • Technical Controls:

    Control ID Description Tools/Methods
    a Disable WMI, PowerShell, and SSH on workstations; enable SSH temporarily for troubleshooting. NinjaOne RMM, Microsoft Windows PowerShell, SOP
    b Enable SSH on servers for secure remote management. NinjaOne RMM
    c

    Deploy Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) agents across all compute resources.​

    		  NinjaRMM, Blackpoint SNAP Agent
    d Ensure continuous monitoring and analysis of endpoint activities to detect and respond to potential threats.​ Blackpoint SNAP Agent
    e Facilitate collaboration between EDR/MDR solutions and the Security Operations Center (SOC) to coordinate rapid incident response and remediation efforts.​ Blackpiont SNAP Agent
    f Deploy relevant VPN Clients for clients remote access. ZeroTier, Cloudflare WARP
    g Deploy relevant VPN Clients or DNS Roaming Agents on laptops to filter content and protect the user from triggering malicious activity. DNSFilter Roaming Agent
    h Implement a 5-minute lockout after 10 failed login attempts. NinjaOne RMM
    I Activate screen lock after 12 hours of inactivity. NinjaOne RMM
    j Deploy operating system patches as per schedule. NinjaOne RMMRMM, Windows OS Patching
    k Install drivers according to the deployment schedule. NinjaOne RMMRMM,  Windows Driver Patching
    l Deploy essential third-party applications per schedule. NinjaOne RMMRMM, WIndows 3rd Party Patching
    m Install Line of Business (LOB) applications as scheduled. NinjaOne RMMRMM, Client Specific SOP
    n Application Allowlist blocklist N/A
    Back to top