The initial steps towards developing an effective desktop security policy is to identify exactly what it is that you are trying to achieve, and why you want to achieve it. It sounds very simplistic, however, many technology administrator bypass this fundamental. Many claim that they want their PC's to be SECURE, when in actuality they really want to reduce IT resources in fixing computers from daily mishaps.
Questions that should be asked:
Are you trying to protect your computers from intentional user attacks?
Are you trying to prevent users from seeing particular files and folders on a certain PC or server hard drive?
Are you trying to teach students how to use the classroom PC – but are afraid of inadvertent user errors?
What step should I take to achieve my level of security or PC maintenance. If you were to answer the first question “Are you trying to protect your computers from intentional user attacks?" The reasons why could be as diverse as:
These diverse reasons will lead to completely different desktop security solutions – A foundation of your overall Desktop Security Strategy.
There are both proactive and reactive solutions and perhaps a good blend should be the part of any overall strategy. Just how much of each is determined by your organizations requirements.
Proactive solutions or Desktop Security Solutions, are put in place in order to block or prevent an action from occurring. For example, if you want to prevent a user from running DOS commands or make changes to a PC's configuration, you may install a program such as Desktop Security Rx – to prohibit the CMD command and hide the Control Panel applet so that it can not be accessed by student users. Desktop Security solutions are put in place when it is essential to keep users on task, while keeping their systems and network secure from security threats.
Reactive solutions refer to measures that are put in place so that administrators can easily recover from any security related issue or change in PC configuration. For example, a student who has delete critical system files, changed printer and network configuration settings or installed unauthorized software onto a workstation. Reactive solutions such as RollBack Rx and Drive Vaccine allow users to have full functionality and access to the available workstations. However, they can be restored to any desired configurations relatively quickly. These reactive “Roll Back” solutions are designed for public access computers and computing environments where administrators place a slightly higher value on recovery and PC maintenance over proactive security.
By reviewing the above solutions and identifying what it is that you are attempting to secure and what your expectations are - you'll be able to better decide how to improve your organizations desktop protection stategy.
