Data-at-Rest Encryption: Protects stored data from unauthorized access in case the device is lost or stolen. - Data-at-Rest Encryption: Use BitLocker (Windows) or FileVault (Mac) to encrypt drives. Enable encryption for removable drives using tools like BitLocker To Go. Use the Encrypting File System (EFS) for file/folder-level encryption in Windows., Password Best Practices - Complexity Requirements: Length: Require at least 12 characters. Character Types: Include uppercase, lowercase, numbers, and special characters. Expiration Requirements: Set passwords to expire every 60-90 days (optional, based on organizational policies). , BIOS/UEFI Passwords: - BIOS/UEFI Passwords: Configure a supervisor or admin password in the BIOS/UEFI to prevent unauthorized system configuration changes. Set a boot password to restrict unauthorized system startup., Restrict User Permissions: - Restrict User Permissions: Use the principle of least privilege: assign users the minimal permissions necessary for their tasks.  , Restrict Login Times: - Restrict Login Times:Define allowable login times via Local Security Policy or Group Policy for specific user accounts., Disable Guest Account - Disable Guest Account: Open Control Panel > User Accounts > Manage another account, select the guest account, and disable it., Use Failed Attempts Lockout: - Use Failed Attempts Lockout: Configure account lockout after 3-5 failed login attempts to mitigate brute-force attacks., Use Timeout/Screen Lock: - Use Timeout/Screen Lock:Set workstations to automatically lock after a period of inactivity via Settings > Accounts > Sign-in options., Change Default Administrator’s User Account/Password - Rename the default administrator account to a unique name to reduce targeting. Set a strong, complex password for the administrator account., Disable AutoRun: : Prevent automatic execution of potentially malicious programs from USB drives or CDs. - Disable AutoRun: Open gpedit.msc (Group Policy Editor). Navigate to Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies. Enable the policy to turn off AutoRun. , Disable AutoPlay: - Disable AutoPlay:Go to Control Panel > AutoPlay, uncheck Use AutoPlay for all media and devices., Screensaver Locks: - Screensaver Locks:: Configure screen locks to activate after 5-15 minutes of inactivity. Enable via Settings > Personalization > Lock screen > Screen timeout settings. , Log Off When Not in Use: - Log Off When Not in Use:Educate users to log out when leaving their workstation unattended., Secure/Protect Critical Hardware: - Use physical security measures (e.g., laptop locks or secure docking stations). Store laptops and devices in locked drawers or cabinets when not in use., Secure PII and Passwords: - Secure PII and Passwords:: Encourage users to use password managers for secure storage. Avoid saving passwords in browsers unless properly secured.,

a+1102 2.6 configure a workstation to meet best practices for security

от
За вграждане

Табло

Визуален стил

Опции

Шаблон за превключване

Възстановяване на авто-записаната: ?