Skip to main content
Mitch Irsfeld

TechNet Flash, Volume 12, Issue 20 - October 6, 2010
TechNet Flash Editor's Note from Mitch Irsfeld

Develop Your Approach to Desktop Security

The best way to achieve a secure desktop environment is to start with the fundamentals and develop an ongoing approach to build and evolve your security foundation.

To guide that thinking, the latest edition of TechNet ON looks at the best way to approach and then implement desktop security. We start with a security philosophy in Joshua Hoffman's TechNet Magazine article Take a "Defense in Depth" Approach, which looks at protecting the computing environment from as many different potential vectors of attack as possible, from malicious software installations to lost or stolen mobile devices.

Hoffman describes the specific tools that work in concert to protect a diverse computing environment. Separately in TechNet ON, you’ll find step-by-step guides and overviews for these tools, including:

Next we take the approach into practice against a particularly nasty type of attack, distributed denial of service (DDoS). With this type of threat, the goal is to not only protect against the attack, but also repair the endpoints and the network after an attack. Dan Griffin's The Four Pillars of Endpoint Security describes the fundamental aspects of an endpoint security model that allows the affected devices and networks to perform while under attack and heal themselves following an attack. Griffin also walks through the Four Pillars of Endpoint Security in this five-minute video.

A key point in Hoffman's Defense in Depth article is the importance of management and controlling how software is deployed within an organization. That's the reason Microsoft has merged its endpoint protection software with its operations management software in the upcoming Forefront Endpoint Protection 2010.

Melding Endpoint Security and Operations Management
Microsoft made a strategic decision to build Forefront Endpoint Protection on System Center Configuration Manager. Centralizing endpoint protection makes it less costly and more efficient for IT to manage and secure desktops. It simplifies deployment of patches and enables IT to scale deployment of policies to hundreds, even thousands, of clients at once. This, in turn, reduces the attack surface of all PCs in the enterprise and accelerates incident response.

For more on the benefits of this strategy, read the Forefront Team Blog post Converging Endpoint Security and Management: "It just makes sense."

The Forefront Endpoint Protection 2010 beta is now available, built on System Center Configuration Manager 2007 R2, allowing Configuration Manager users to use their existing client management infrastructure to deploy and maintain endpoint protection. For beta users, see the must-read documentation Getting Started with FEP.

And to help you implement your desktop security model, we’ve compiled a host of training options, including a free lesson from Microsoft Learning, Windows PowerShell Script Security, which is an excerpt from the upcoming Course 10325A: Automating Administration with Windows PowerShell 2.0. Also check out these free online clinics:

Thanks for reading,

Mitch Irsfeld
Editor, TechNet Flash

Subscribe to the TechNet Flash Feed blog for news updates as they happen, often several times a day.