Managing Desktop Security
Why Is Desktop Security Important?
Desktop security can be thought of as the first line of defense on a company’s network. By having proper security policies in place, many malware and virus outbreaks can be stopped before they become too big a problem, or they can be avoided altogether.
Desktop security within a corporate network is generally managed from a central server with enforced group policies. When a PC system logs onto the network, it authenticates itself against the domain controller and receives the start-up scripts that control the computer’s behavior on the network. This provides the centralized control that makes administering large networks much easier to accomplish.
Evaluating Your Desktop Security
The primary security consideration when talking about desktop security has to be your users. Users on a network have unparalleled access to your organization’s resources, and this access creates vulnerabilities in your security. While most users don’t intentionally cause damage to your network, there are unintended consequences when users find themselves ignoring best practice and opening emails and attachments from unverified sources. It is therefore very important to classify users by security designation, and permit access through this hierarchical structure.
- Guest: This level of access is very limited, and does not allow users to make changes to any files or settings on their own PC. It limits network access and allows read-only file access to network shares, where the shares are accessible.
- User: This is usually the most common user type on any given network as it is the standard assignment that employees are given in terms of their sign-ons. Generally speaking, users will be able to edit any local settings except for basic print and screen options. Network shares are compartmentalized to allow users within specific departments to have access to relevant network shares.
- Power User: This designation is sometimes used for supervisors that perform basic administration tasks as well, such as password changes for standard users and guests. Local settings can be changed on the power user’s desktop PC, but any domain level changes are off limits.
- Administrator: This is the highest level of access that is granted on both a desktop system as well as a network resource. The administrator is given top-level access and can change network and desktop settings as needed. The administrator username and password must be treated as confidential at all times, and must not be shared with any unauthorized personnel.
Process and Implementation
The IT security policy is normally contained within your IT department’s security and procedures documentation, and will outline what your company’s stance is on both its desktop and network operation for users. The document outlines:
- What happens when a new user joins the organization and how their user access is determined and provisioned by the IT department.
- Fair usage and acceptable usage of company resources, including internet, email and printing services.
- What constitutes improper use of IT equipment and resources, and what constitutes a breach in IT policy.
Once this document has been formulated and circulated throughout the organization, it is up to the IT department to follow and enforce the IT security policy at all times. The document will outline basic concepts such as password security best practice, as well as what is expected from employees while they are logged onto their systems during working hours.
Most companies offer flexible working hours, which means that users can connect from home and work remotely via a remote desktop service such as a terminal server. This usage is also governed by the IT security document, and users that have access to such resources must always be informed of their responsibilities while connected.
Technologies That Protect Your Data
In many of the scenarios outlined above, security measures are in place, constantly protecting users and their privacy while connected to the company’s network. The technologies involved vary from network to network, based on the requirements of the specific business applications that the organization may use. We will briefly outline a few different types and how they protect users from security threats:
- SSO, or Single Sign On, is a login credential methodology that grants user access to many different resources by providing just one username and password. Their access will be determined by the system administrator. You can think of SSO portals as being a launch pad for applications that a user might need to use during the course of their day, such as email and office productivity suites. The main advantage here is that each application launches as its own secure window, meaning that each application can be managed effectively via a session manager. So if any unauthorized access is detected by the system administrator, the session can be terminated and the user account can be locked.
- Encryption adds an additional layer of security for users both locally on your network, and those that connect from remote sites via the internet. Encryption works by coding transmissions with a cipher on one end, and then decoding on the other end. The key is shared only with the parties that are connected for the session, thus allowing a secure connection that is impossible for outside parties to decrypt in any meaningful way. Encryption is used in many technologies such as remote desktop applications, secure web browsing, both text and video based communications and much more.
- A VPN, or Virtual Private Network, also uses encryption to secure its communications, but creates a virtual tunnel between clients and the network. This gives the illusion of being on the same network as your company, even if you are in another country. This means that you will be able to browse network resources, like mapped network drives, and browse your company’s intranet as if you were back at your desk. The only downside is that latency can become an issue if your organization cannot provision enough bandwidth for this service.
What Are the Most Vulnerable Components of Desktop Security?
Desktop security has many pitfalls associated with it, and the struggle for system administrators to keep networks secure and stable has become very difficult in recent years. Some of the main areas where security can be a major concern come from the user, especially the desktop PC that they use as their primary workstation. This means that applications need to be monitored and locked down via a group policy, and specific firewall access needs to be limited for certain websites and domains. Some of the most likely areas of vulnerability are:
Email is the most accessed resource on any network. It is user intensive as it serves as the primary communication method in many organizations. As a result, users can receive hundreds of emails every day, with mail servers handling thousands of messages and attachments. Cybercriminals use email in a variety of ways to try and fool users into giving up security details. Some of the methods that they use are:
- Phishing: This is a relatively new method of email fraud, and is surprisingly easy to accomplish. Criminal organizations will download the webpage of an internet banking logon page or any other similar portal and then host it on one of their own web servers. An email is sent out that looks as though it came from the service provider in question, stating that the user must log on immediately as part of a security procedure. The link in the email is actually a hypertext link that redirects unsuspecting users to the fake version of the website that is hosted on the criminal’s web server. This web server is equipped with a key logger, so whatever is typed in by the user can be retrieved and then used by the cyber criminals to login and compromise the user’s account.
- Infected Attachments: Sometimes an email can come from a totally legitimate source that the user has no reason to not trust, but that trusted source machine could be compromised with a virus that replicates itself and sends itself out via a bulk mailer. The attachment is usually labelled as a legitimate business document like an invoice or a quotation. In these instances, simply opening the attachment can infect the user’s PC. In many cases the infection is only detected when the email queue on the company’s email server starts to experience heavy outgoing traffic.
- Crypto/Ransomware: The latest strains of Crypto appear to be able to infect machines when the emails themselves are simply opened. This is a particularly nasty piece of malware that encrypts user data with a very strong encryption cipher, making the recovery of all user files on the PC highly unlikely. The best course of action in these instances is usually a file restore.
Since the early days of Internet Relay Chat, programmers have been able to send attachments via Instant Messaging applications. As the programs grew more sophisticated over the years, so too did the efficiency of file and data transfer capabilities within these applications. What this means for current desktop users is that if they are chatting with an unknown source, receiving and opening an attachment could potentially open up their desktop PC and company network to viruses and malware. It is for this reason that Instant Messaging applications should be used with care on corporate networks. Sometimes an attachment is not even required to open up a vulnerability, as certain scripts can be executed remotely if security vulnerabilities exist within a user’s chat application.
Any web based platform that encourages file sharing should be used with extreme caution on a company network. Sophisticated scripts and applications can make it very easy for hackers and cyber criminals to gain access to a compromised desktop PC. Even seemingly harmless photos can harbour embedded malware in them, so users are encouraged to exercise extreme caution when accessing any social media services from the work place.
As is the case with our previous examples, internet browsers can also open up an organization to unsafe elements on the internet. Having a browser that is not patched with the latest security fixes can lead to a network being penetrated, which is why a patch cycle is essential for system administrators to follow. Users should always be aware of the content that they are viewing on the company desktops, and private webmail services should be avoided while connected through the organization’s network.
The practice of cold calling has started to become popular again, with criminals targeting both business and home users. A criminal usually calls the user on the telephone, saying that they are from the IT department, or from a large IT company. They try to gain access to a user’s PC via remote desktop applications, or by getting the user to download malicious software that will bypass the security on the network. It is never advisable to take instructions from an unverified telephonic source, and users are encouraged to query all such calls with their manager or IT department before proceeding.
Desktop Security Awareness Programs
IT departments should conduct special training for users within their organization to help highlight security issues such as the examples that we have looked at. The best place to start is usually by including basic training in the user’s induction procedures, so that from the time that they are introduced to the IT policy document and policies and procedures, they are equipped with the knowledge on how to safeguard both their desktop PC and the company network.
Lately, there have been instances of major outbreaks, such as WannaCry and other Crypto variants, so it is a good idea to set up some basic training to explain what ransomware does to a user’s files so that there is greater understanding about the consequences of such malware being unleashed on their desktop and the business network.
Desktop Security Awareness Tips and Resources
Being prepared for a security breach can mean the difference between a minor systems outage as opposed to full data loss. For this reason, we have compiled a list of great resources from within our own archives that we encourage you to take a look at on /
The below resources are packed with all of the information that you will need to combat the ever growing threat of security vulnerabilities to your desktop users, and should act as a great learning resource for you and your users.
Security Awareness for End Users
Security Awareness to Combat Ransomware