The Process: Designing A Strategy For Hardening Clients

By Author: Jasmine
Total Articles: 286
Comment this article

Client computers are hardened by configuring security settings and securing applications. To design Designing exam strategy for Windows 2000 and Windows XP Professional client computers, security designers follow a process like this one:
1.Design baseline and incremental security templates for each OU.
2.Design administrative templates for each OU.
3.Design software restriction policies for each OU.
4.Design an implementation strategy for security templates, administrative templates, and software restriction policies.
The folio-wing topics teach what you need to know to complete these steps.
System monitoring Consider allowing only Administrators to have the Profile Single Process right. This right allows users to use monitoring tools for system performance. It is not necessary in order to use the System Monitor. Llowever, if the System Monitor is used to collect data using Windows Management Instrumentation (WMI), sensitive information might be available Free Security+ practice exams ...
... that would assist an attacker.Restricting this right to Administrators prevents all others from obtaining that data.
Backup and restore Consider splitting these rights by giving the right to back up files and directories only to Backup Operators and reserving for Administrators the right to Restore Files And Directories. A user who has the Restore Files And Directories right can restore an old backup over current information and thus destroy the current data. Backup Operators have access to backup tapes and disks. By restricting the Restore right to Administrators, you prevent rogue backup operators from accidentally or maliciously damaging systems.
Audit policies Consider the need for audit records on the client system. Audit records on client systems might be perceived to be of less importance than those on server systems. However, the value of audit records is twofold. One value is their ability to assist in intrusion detection. The other is to determine what happened, who did what, and when something happened. Therefore, you should consider 70-680 enabling auditing. Table 11-1 lists recommendations for auditing for Windows clients.