Desktop Security
Regardless of the operating system used, connecting to the University network provides a user high speed direct access to the internet. Conversely, it provides the internet high speed direct access to the users' desktop via its network connection.
It is well documented that the Windows operating system is not the most secure. A good part of this is based on the choices Microsoft has made for the "default" installation that is provided from the Microsoft CD. A user can install an entire operating system with just a small amount of information and a few clicks. They then become the administrator of a very powerful device and frequently know little about what that device is actually doing.
From a network viewpoint, that installation leaves much to be desired with respect to security. Simple issues such as not installing services unless needed, changing default passwords for service accounts, guest access and remote access all immediately rise to the surface as items to be addressed in a new installation. If you don't address these issues immediately your machine may now have the security openings needed for it to become compromised and used for ilicit activities.
Many organizations provide information and documentation to "harden" a system to help protect it. These can include the reputable agencies such as the NSA all the way down to user and company blogs available on the internet. Microsoft itself provides many documents and recommendations on how to properly secure a system. The biggest issue is that one of these recommended standards is used to do some upkeep on any newly established desktop.
For all supported desktops across the University, OCCS has used the National Security Agency recommended security configuration as a baseline and adjusted system settings from there to insure operation and compatibility with other systems. To assist administrators in establishing new systems that provide a higher security posture, we are providing those settings in a template form along with documentation describing how to use the template on your workstation.
Download the compressed file, extract its contents and follow the guidance provided in the ODU Hardening Guide-1a.pdf file