Microsoft Windows Workstation Network Security

Windows desktop computers operate in the Workstation Domain in the IT infrastructure and generally operate as clients in network communications. That means desktop computers generally initiate communication by sending requests to servers in another domain. The main areas of focus with respect to desktop network security should be user authentication and authorization, malicious software protection, and outbound traffic validation.

User Authorization and Authentication

Users can do only what you allow them to do. One of the best ways to keep attackers away from your network is to keep them away from your workstations. In addition to physical controls to limit unauthorized access to workstations, it is important to aggressively protect workstations from unauthorized logons. This means deploying a user account policy that makes it difficult for an attacker to log on as an authorized user. Here are some guidelines to protect your workstations from unauthorized access:

  • Train all users on how to create strong passwords and protect user account credentials.

  • Require unique user accounts with strong passwords for each user.

  • Use the principle of least privilege to grant minimal rights and permissions to users.

  • Audit failed access attempts.

  • Audit all logons for privileged accounts.

  • Enable account lockout after five failed logon attempts.

  • Explore alternate authentication methods. For more privileged users or workstations, consider multifactor authentication.

  • Remove or disable unused user accounts.

  • Disable remote access.
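
Several of the guidelines above can be spot-checked on a workstation with a read-only PowerShell script. This is an added example, not part of the original text; it assumes an elevated session with English-language net.exe and auditpol.exe output, a 90-day cutoff for "unused" accounts, and that "remote access" means Remote Desktop.

```powershell
# Added example: read-only audit of local account settings; it changes nothing.
# Assumptions: elevated session, English tool output, local accounts only.
$MaxLockoutThreshold = 5    # from the guideline: lock out after five failed logons
$StaleDays           = 90   # assumed cutoff for an "unused" account (not from the text)
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Account lockout threshold as reported by "net accounts" ("Never" or a number).
$lockLine  = net accounts | Where-Object { $_ -match '^Lockout threshold' }
$lockValue = if ($lockLine) { ($lockLine -split ':', 2)[1].Trim() } else { 'unknown' }
if ($lockValue -notmatch '^\d+$' -or [int]$lockValue -eq 0 -or
    [int]$lockValue -gt $MaxLockoutThreshold) {
    $findings.Add("Lockout threshold is '$lockValue'; expected 1 to $MaxLockoutThreshold")
}

# 2. Failed logon attempts must be audited (Logon subcategory includes Failure).
$logonAudit = auditpol /get /subcategory:"Logon" | Where-Object { $_ -match '^\s+Logon\s' }
if (-not ($logonAudit -match 'Failure')) {
    $findings.Add('Failed logon attempts are not audited (or auditpol needs elevation)')
}

# 3. Privileged logons: the Special Logon subcategory records them on Success.
$specialAudit = auditpol /get /subcategory:"Special Logon" |
    Where-Object { $_ -match '^\s+Special Logon\s' }
if (-not ($specialAudit -match 'Success')) {
    $findings.Add('Privileged (special) logons are not audited')
}

# 4. Enabled local accounts that have never logged on or not since the cutoff.
$cutoff = (Get-Date).AddDays(-$StaleDays)
Get-LocalUser |
    Where-Object { $_.Enabled -and (-not $_.LastLogon -or $_.LastLogon -lt $cutoff) } |
    ForEach-Object {
        $findings.Add("Enabled account '$($_.Name)' unused since before $($cutoff.ToString('yyyy-MM-dd'))")
    }

# 5. Remote Desktop: fDenyTSConnections = 1 means incoming connections are refused.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections -ErrorAction SilentlyContinue
if ($ts.fDenyTSConnections -ne 1) {
    $findings.Add('Remote Desktop connections are allowed')
}

# Report: one line per deviation, or a single confirmation line.
if ($findings.Count -eq 0) { 'All checked account guidelines are met.' } else { $findings }
```

Domain-joined workstations normally receive these settings through Group Policy, so a deviation reported here usually points to a policy that is missing or not applying.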

Malicious Software Protection

A popular attack vector for central servers is to compromise a trusted workstation using malicious software. A workstation is often easier to compromise than a server due to the relative lack of attention to security controls. Workstations are frequent targets for attacks. Don’t forget to consider all workstations that will access your organization’s environment. This includes remote workstations. Remote workstations can be very difficult to manage, but you cannot overlook the security risks associated with any workstation.

You should require that all workstations have anti-malware software installed before you allow them to connect to your environment. This includes antivirus and anti-spyware software. Ensure the software and the software’s signature databases are up to date. You can use Group Policy to enforce this requirement. You should also create a schedule to scan workstations for malicious software. Just because the software is present doesn’t mean the computer is clean. It is important to proactively scan workstations at least weekly, in addition to running active anti-malware shield software, to maintain as clean an environment as possible for your workstations.

Outbound Traffic Filtering

Despite your best efforts, it is possible that one or more of your workstations may be compromised. One popular attack against workstations is to install malicious software that creates a flood of messages. Since the workstations inside your network are trusted nodes, your network will accept the traffic. Several attacks send a large volume of network messages that flood the network and make it unusable for legitimate traffic. Attacks of this type are called denial of service (DoS) attacks. A successful DoS attack makes information unavailable to authorized users because the network is too saturated to respond. If the attack coordinates with other compromised workstations, it is called a distributed denial of service (DDoS) attack.

You can protect your network from many DoS and DDoS attacks by configuring each workstation’s firewall to filter outbound traffic. Most DoS and DDoS attacks create traffic that a firewall can easily recognize and refuse to pass on to the network. Although your workstation has still been compromised, the attack is not effective if the traffic doesn’t make it to the network. Make sure all workstations have active and up-to-date firewall rules that filter incoming and outgoing traffic for known suspicious packets.
