Endpoint Protection and Management
PC management

Desktop Inventory and Maintenance
A detailed inventory of all hosts on the network, such as workstations, servers, and laptops, should be kept. This inventory should include the serial number of the computer, the type of hardware and software that is installed, and the name of the individual who is responsible for the computer. It is particularly important to provide employees with adequate training to educate them about keeping laptop computers secure.

When software, hardware components, and storage devices are replaced, the inventory should be updated to reflect the change. A procedure for the disposal of hardware that is no longer being used needs to be in place. Any storage media will need to be disposed of properly to make sure that the data cannot be recovered by unauthorized individuals. There have been many cases of confidential data being recovered by individuals who have acquired used hard drives. Letting this data fall into the wrong hands could have serious consequences, including legal action being taken against the organization that did not take appropriate steps to make sure that the information remained private.

Update Anti-virus Definitions
As new viruses and Trojan horse applications are released, enterprises need to keep up to date with the latest antivirus software and application versions. Antivirus software can only stop viruses and Trojan horses if there is a known signature to identify the malicious object.

In order for virus scanning to be successful, the following should be completed at regular intervals:

  • Routine host local file scanning
  • Routine virus list and signature updating
  • Routine monitoring of alerts generated by the host scanners

Update HIDS and HIPS Signatures
The effectiveness of an HIDS or HIPS depends on the update status of its signature database. A brand-new exploit can slip past an HIDS or HIPS that does not yet have a signature for that exploit. Another issue is that signatures can be too broad, which can generate many false positive alerts. HIDS and HIPS signatures need to be updated on a regular basis. Alerts and logs should be monitored so that ongoing tuning of HIDS and HIPS implementations can be performed.
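
The two routine checks described above (signature freshness per host, and alert monitoring to find signatures that are too broad) can be scripted. The following is an added example, not part of the original page or of any product: the host names, signature IDs, verdict labels, the 14-day age limit and the 0.7 false-positive threshold are all assumptions chosen for illustration.

```python
from collections import Counter
from datetime import date

# Constructed sample data; host names, signature IDs and verdict labels are hypothetical.
HOSTS = {  # host -> date its AV/HIDS signature database was last updated
    "ws-014": date(2024, 5, 30),
    "srv-db2": date(2024, 4, 2),
    "lt-077": date(2024, 5, 12),
}
ALERTS = [  # (signature_id, analyst verdict recorded during alert triage)
    ("SIG-1001", "false_positive"), ("SIG-1001", "false_positive"),
    ("SIG-1001", "false_positive"), ("SIG-1001", "true_positive"),
    ("SIG-2040", "true_positive"), ("SIG-2040", "true_positive"),
    ("SIG-2040", "false_positive"),
    ("SIG-3300", "false_positive"),
]

def stale_hosts(hosts, today, max_age_days=14):
    """Return hosts whose signature database is older than max_age_days, oldest first."""
    ages = {host: (today - updated).days for host, updated in hosts.items()}
    return sorted((h for h, age in ages.items() if age > max_age_days),
                  key=lambda h: -ages[h])

def tuning_candidates(alerts, min_alerts=3, fp_threshold=0.7):
    """Return {signature_id: false-positive ratio} for signatures that fire often
    enough to judge and are mostly false positives, i.e. likely too broad."""
    total = Counter(sig for sig, _ in alerts)
    false_pos = Counter(sig for sig, verdict in alerts if verdict == "false_positive")
    return {
        sig: false_pos[sig] / count
        for sig, count in total.items()
        if count >= min_alerts and false_pos[sig] / count >= fp_threshold
    }

if __name__ == "__main__":
    print("Hosts with stale signatures:", stale_hosts(HOSTS, today=date(2024, 6, 1)))
    print("Signatures to review for tuning:", tuning_candidates(ALERTS))
```

The `min_alerts` floor keeps a signature that fired once from being flagged on a single verdict; a signature flagged here is a candidate for narrowing, not for removal.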