Today there is a seminar organized by Cisco , Data Center 3.0 Statergy event at Meridian. Hopefully I get more info which I can post here. The last Cisco Expo I attended was held two months back. Which was simply outstanding. Ok now lets get back to out Series of Security Policies, today I am going to eloborate the Client Security policy.
“IS” CONSIDERED THE FOLLOWING:
1. If attachment via the Internet is allowed, be absolutely certain that home users who attach via the Internet do not have file sharing turned on. For Windows clients, use automatic scanning software across the range of IP addresses attached to the network to make sure that no clients respond on TCP/IP port 139.
2. Instruct users to avoid inappropriate local access and creating or modifying shares.
3. Remove the remote access and dial-up connection services from clients on the network. There should be no need for remote access outbound connections from computers on networks that are connected to the Internet.
4. Organisation owned computers used by work-at-home telecommuters cannot be connected to the Internet or used by any family member other than the employee.
5. Employees shall use their own computers at home for entertainment or personal interests.
6. Client computers shall not be configured to use any sort of remote access software.
7. Clients shall not be configured to answer dial-in security connections.
8. Do not allow users to install software on their clients. Take removable media drives like floppy,CD-ROM, and Zip drives out of client computers since all authorized software installations can occur over the network.
9. Do not install file and print sharing on clients unless absolutely necessary. Encourage users to store all files on network file servers, and create server pools of resources.
10. Remove all modems and other alternative access devices from client computers.
11. Each client computer should have one-and only one-possible connection to any data network.
12. Restrict logon access to the network to the computers that an employee normally uses. This makes it impossible to exploit an account name and password from anywhere other than the user’s regular computer except nursing stations.
13. Disable all unused I/O ports, especially parallel ports, USB ports that are not attached to printers,since many alternate access devices are capable of attaching through the printer/USB port.
14. Disable unused serial /USB ports in the BIOS of client computers. But strong administrative passwords in the BIOS setup pages of client computers to maintain central control of network security.
My Personel Website:www.yasirirfan.com