Desktop systems contain various forms of data, some more sensitive than others. Therefore, safeguard measures to secure that data are required.
Some users may have limited security awareness that the underlying architecture has to compensate for. Client systems can be gateways to critical information systems on a network. Communications hardware can also harbor vulnerable points of access into a distributed environment. Modems connected to computers that are linked to a larger network can expose that network to dial-in attacks.
The same applies to data that is downloaded from the web and carries malicious code such as Trojan horses. The storage devices on client computers may not be protected from physical intrusion or theft, and data on client computers may not be secured with a proper backup.
Distributed environments rely on multiple security mechanisms to ensure vulnerabilities are removed, monitored, or remedied. Clients are required to adhere to procedures that implement safeguards on their contents and their users' activities. These safeguards include:
- Email screening to block malicious software that could penetrate the system.
- Assigning email policies that specify appropriate use and limit potential liability.
- Download/upload policies must be followed so that incoming and outgoing data can be screened and suspect materials blocked.
- Imposing access controls, which can include multifactor authentication and/or biometrics, to monitor and deny access to client computers and prevent unwarranted access to servers and services.
- Graphical user interface mechanisms and database management systems should be implemented, and their use required, to restrict and manage access to critical information.
- The encryption of sensitive files and data stored on client computers.
- The isolation of processes that run in user and supervisory mode so that unapproved access to privileged processes and capabilities is prevented.
- Protection zones should be implemented so that corruption of a client computer will not compromise the entire network.
- Disks and other sensitive materials should be safeguarded from unwarranted access.
- Client computers should be backed up regularly.
- Security awareness training should be available for client computer users.
- Client computers and their storage devices should be provided with safeguards against environmental hazards.
- Client computers should be included in disaster recovery and business continuity planning.