Endpoint Hardening (best practices) - Security Boulevard

Endpoint hardening: If you were to tell the average person that you were going to be performing this task for your organization, they’d probably ask if you were a blacksmith. However, in this case, we’re going to talk about creating defenses for our systems instead of offenses. 

Endpoints are everywhere now: mobiles, laptops, toasters; the list goes on and on. Because these endpoints almost always have their own independent web connections, we need to make sure that they are locked down as much as possible to prevent them from being remotely damaged or being used as a staging ground for attacks into our network. Endpoint hardening is essentially turning off and/or blocking as much as possible on the device without affecting required functions.

There are a number of things we can do right off the bat that are part of standard practices, but in the context of endpoint hardening, they deserve a refresher.

Hardening the software

We can start off with Strong Password Requirements and/or Two-Factor Authentication (2FA). While the specifics for strong passwords can vary from organization to organization, the simplest implementation is using a passphrase instead of strictly a password — more along the lines of a favorite song lyric, a movie quote, a passage from your favorite book and so on. Then combine this with upper and lowercase characters, numbers and symbols. 

Once you have this passphrase, it will need to be changed regularly so that if it does become compromised, it remains valid only for a limited time. 2FA significantly improves even a basic password because it also requires that the user have something on them in addition to something they know. For mobile devices, having a strong PIN is just as important, as it is still one of the best defenses (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Kurt Ellzey. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/vwtkkYLoEhc/