Recommended Desktop/Workstation Auditing Tasks

Performing desktop audits is an important part of the Rule of the Three-Fold Process. Desktops are simply extensions of servers and networks, and if desktops are vulnerable, so is everything else. When auditing desktops, the goal is to make sure adequate security controls are installed and maintained, and to ensure that end-user desktop policies are being practiced.

In a large environment, it is often impractical to perform a desktop audit of every workstation. A good sample would be 5–10% of the systems, making sure to draw samples from different areas. In smaller environments with around 50 workstations, this number should be increased to around 20%. In an environment with 20 or fewer workstations, it is recommended that every workstation be audited.

Here are some common things to look for during a desktop audit:

  • Is there antivirus software, are its signatures up-to-date, and is it updated regularly?

  • Is there an active modem or other form of external access attached to the system?

  • Does the workstation require a login at start-up? Do its passwords comply with local password policies?

  • If idle for several minutes, does the workstation lock itself or initiate a password-protected screensaver?

  • Does the desktop contain any sensitive or confidential information that should be stored on a secured server?

  • Does the desktop have any hacker tools or unauthorized applications installed?

  • Is the desktop physically secure? How easy would it be to walk out of the building with it?

  • Are there any obvious physical flaws, such as passwords written on the monitor?

  • Does a vulnerability scan show any vulnerabilities or malicious software?
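The sampling rule and checklist above are easy to apply by hand to a handful of machines, but in a fleet the audit is usually driven from inventory data collected by a management agent. The following script is an added example, not from the book: it picks an audit sample spread across areas using the percentages given above, then scores each sampled workstation's collected record against the checklist items that can be evaluated from data (antivirus presence and signature age, modem attached, login at start-up, idle lock, unauthorized applications). The record fields, the thresholds, the unauthorized-application list, the size boundaries used to interpret "large" and "around 50", and the sample fleet are all assumptions constructed for the example.

```python
"""Added example (not the book's code): audit-sample selection and checklist
scoring over collected workstation records. Fields, thresholds and the
fleet below are constructed for illustration."""
import math
import random
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Set

# Thresholds are assumptions, not values from the text.
MAX_SIGNATURE_AGE_DAYS = 3      # AV signatures older than this count as stale
MAX_IDLE_LOCK_MINUTES = 15      # idle lock must engage within this many minutes
# Assumed list of tools a standard desktop should not carry.
UNAUTHORIZED_APPS: Set[str] = {"nmap", "wireshark", "john", "cain"}


def sample_size(total_workstations: int) -> int:
    """Sample size following the text: every workstation at 20 or fewer,
    about 20% for small environments, 10% (top of the 5-10% band) for large
    ones. The 100-host boundary between 'small' and 'large' is an assumption."""
    if total_workstations <= 20:
        return total_workstations
    rate = 0.20 if total_workstations < 100 else 0.10
    return max(1, math.ceil(total_workstations * rate))


@dataclass
class Workstation:
    host: str
    area: str                         # department / floor / site
    av_installed: bool
    av_signature_date: Optional[date]  # None if unknown
    login_required: bool
    idle_lock_minutes: Optional[int]   # None means no idle lock configured
    modem_attached: bool
    installed_apps: Set[str] = field(default_factory=set)


def audit(ws: Workstation, today: date) -> List[str]:
    """Return the checklist findings for one workstation (empty list = clean)."""
    findings: List[str] = []
    if not ws.av_installed:
        findings.append("no antivirus installed")
    elif (ws.av_signature_date is None
          or (today - ws.av_signature_date).days > MAX_SIGNATURE_AGE_DAYS):
        findings.append("antivirus signatures stale")
    if ws.modem_attached:
        findings.append("modem or other external access attached")
    if not ws.login_required:
        findings.append("no login required at start-up")
    if ws.idle_lock_minutes is None or ws.idle_lock_minutes > MAX_IDLE_LOCK_MINUTES:
        findings.append("idle lock missing or timeout too long")
    bad_apps = sorted(ws.installed_apps & UNAUTHORIZED_APPS)
    if bad_apps:
        findings.append("unauthorized applications: " + ", ".join(bad_apps))
    return findings


def choose_sample(fleet: List[Workstation], seed: int = 0) -> List[Workstation]:
    """Pick sample_size(len(fleet)) hosts, rotating through areas so that
    every area contributes before any area contributes twice."""
    rng = random.Random(seed)
    by_area: Dict[str, List[Workstation]] = {}
    for ws in fleet:
        by_area.setdefault(ws.area, []).append(ws)
    for hosts in by_area.values():
        rng.shuffle(hosts)
    want = sample_size(len(fleet))
    chosen: List[Workstation] = []
    while len(chosen) < want:            # want <= len(fleet), so this terminates
        for hosts in by_area.values():
            if hosts and len(chosen) < want:
                chosen.append(hosts.pop())
    return chosen


def run_audit(fleet: List[Workstation], today: date) -> Dict[str, List[str]]:
    """Audit the chosen sample; returns host -> findings."""
    return {ws.host: audit(ws, today) for ws in choose_sample(fleet)}


# Constructed sample data (not real hosts).
TODAY = date(2024, 1, 15)
CLEAN = Workstation("ws-fin-01", "finance", True, TODAY - timedelta(days=1),
                    True, 10, False, {"office"})
STALE = Workstation("ws-eng-07", "engineering", True, TODAY - timedelta(days=30),
                    True, None, False, {"office", "nmap"})
FLEET = [CLEAN, STALE,
         Workstation("ws-fin-02", "finance", False, None, False, 5, True, set()),
         Workstation("ws-eng-08", "engineering", True, TODAY, True, 5, False, set())]

if __name__ == "__main__":
    for host, findings in run_audit(FLEET, TODAY).items():
        print(host, "->", findings or "clean")
```

Only the items that exist as data are scored here; physical security, sensitive files on the local disk, and vulnerability-scan results still need a scan or a visit, so a clean result from this script narrows the on-site work rather than replacing it.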
