Recommended Desktop/Workstation Auditing TasksPerforming desktop audits is an important part of the Rule of the Three-Fold Process. Desktops are simply extensions of servers and networks, and if desktops are vulnerable, so is everything else. When auditing desktops, the goal is to make sure adequate security controls are installed and maintained, and to ensure that end-user desktop policies are being practiced. In a large environment, it is often impractical to perform a desktop audit of every workstation. A good sampling would be to look at 5 10% of the systems, making sure to get samples from different areas. In smaller environments with around 50 workstations, this number should be increased to around 20%. And in an environment with 20 or less workstations, it is recommended that every workstation be audited. Here are some common things to look for during a desktop audit:
|