Securing Desktop Workstations
Derek Simmel
Gary Ford
Julia Allen
Christopher Alberts
Barbara Fraser
Eric Hayes
John Kochmar
Suresh Konda
Networked Systems Survivability Program
Security Improvement Module
CMU/SEI-SIM-004
Securing desktop workstations should be a significant part of your network and information-security strategy because of the sensitive information often stored on workstations and their connection to the rest of the networked world.
Many security problems can be avoided if the workstations and network are appropriately configured. Default hardware and software configurations, however, are set by vendors who tend to emphasize features and functions more than security. Since vendors are not aware of your security needs, you must configure new workstations to reflect your security requirements and reconfigure them as your requirements change.
The practices recommended here are designed to help you configure and deploy networked workstations that satisfy your organizations security requirements. The practices may also be useful in examining the configuration of previously deployed workstations.