Editor's Note: Preparation is in the Approach

Systems management and protection go hand in hand when it comes to securing your desktop environment.

By Mitch Irsfeld

Professional athletes, no matter what the sport, have a common refrain when it comes to success: “Championships are won in the off season.”

Likewise, when it comes to desktop security, preparation is the main success factor. The one question you keep asking over and over is “Am I prepared?” You might be able to answer it today, but ask it again tomorrow. Better yet, learn how to ask it a different way, because the attackers have already discovered new ways to thwart your protections.

The best way to achieve a secure desktop environment is start with the fundamentals and develop and ongoing approach to build and evolve your security foundation.

To guide that thinking, this edition of TechNet ON looks at the best way to approach and then implement desktop security. We start with a security philosophy in Joshua Hoffman’s TechNet Magazine article Take a “Defense in Depth” Approach, which looks at protecting the computing environment from as many different potential vectors of attack as possible, from malicious software installations to lost or stolen mobile devices.

Hoffman describes the specific tools that work in concert to protect a diverse computing environment. Separately in TechNet ON, you’ll find step-by step guides and overviews for these tools, including:

• BitLocker Drive Encryption
• Applocker
• User Account Control
• Group Policy
• DirectAccess

Next we take the approach into practice against a particularly nasty type of attack, the distributed denial of service (DDoS). With this type of threat, the goal is to not only protect against the attack, but also repair the endpoints and the network after an attack. Dan Griffin’s The Four Pillars of Endpoint Security describes the fundamental aspects of an endpoint security model that allows the affected devices and networks to perform while under attack and heal themselves following an attack. Griffin also walks through the Four Pillars of EndPoint Security in this five-minute video.

A key point in Hoffman’s Defense in Depth article is the importance of management and controlling how software is deployed within an organization. And that’s the reason Microsoft has merged its endpoint protection software with its operations management software in the upcoming Forefront Endpoint Protection 2010.

PMelding endpoint security and operations management

Microsoft made a strategic decision to build Forefront Endpoint Protection on System Center Configuration Manager. Centralizing endpoint protection makings it less costly and more efficient for IT to manage and secure desktops. It simplifies deployment of patches and enables IT to scale deployment of policies to hundreds, or even thousands, of clients at once. This, in turn, reduces the attack surface of all PCs in the enterprise and accelerates incident response.

For more on the benefits of this strategy, read the Forefront Team Blog post Converging Endpoint Security and Management: “It just makes sense.”

The Forefront Endpoint Protection 2010 beta is now available, built on  System Center Configuration Manager 2007 R2, allowing Configuration Manager users to use their existing client management infrastructure to deploy and maintain endpoint protection. For beta users, see the must-read documentation Getting Started with FEP.

And to help you implement your desktop security model, we’ve compiled a host of training options, including a free lesson from Microsoft Learning, Managing Users and Groups, which is and excerpt from the upcoming Course 10325A: "Automating Administration with Windows PowerShell 2.0.” Also check out these free online clinics:

• Clinic 6078: Deploying Microsoft Forefront Client Security
• Clinic 6079: Managing and Troubleshooting Operations in Microsoft Forefront Client Security

A secure desktop environment starts with a holistic approach. And, as always, your approach starts with the fundamentals. The resources in this edition of TechNet ON can help you create the foundation that can evolve with your networks.

Mitch Irsfeld*, Editor of TechNet, is a veteran computer industry journalist and content developer who managed editorial staffs at several leading publications, including* InformationWeek, InternetWeek and CommunicationsWeek*. He is also an editor for* TechNet Magazineand managing editor of the TechNet Flash newsletter.