How to (really) harden Windows clients

So, you say you finally got that new set of Windows-based laptops and your boss wants you to make sure they're secure before they go out? Or worse, you've just been audited and were made to look like you don't know what you're doing by a contextually impaired auditor whose entire security knowledgebase exists in a checklist?

Either way, you've got some tough decisions to make and, potentially, a lot of work ahead of you if you don't think through your hardening strategy before you get started.

The simple -- seemingly logical -- thing to do would be to download your favorite hundred-page document on how to harden Windows from your favorite security "non-profit" on the Internet and implement its thousands of recommendations. Or, you could just take your auditor's report and proceed down the list. Not so fast! Too much time, effort, context, criticality of systems and more come into play here. So, instead, do you start up a formal "security awareness program" and place most security responsibilities in the hands of your users? Absolutely not! How to (really) harden Windows clients

Linked by shanmuga Saturday, 8th April 2006 8:28AM