HID Global Crescendo C1150 – Administration Guide

Page 114 of 115

November 2013

© 2013 HID Global Corporation. All rights reserved.

2. Confirm that computer operating systems and desktop applications remain up to date on all security patches.

3. Reconfigure computer operating systems to only allow authorized software. For instance, users of the Windows operating system should use available technologies such as Software Restriction Policies and AppLocker, which offer a range of policies to block malicious scripts, help lock down a computer, or prevent unwanted applications from running. Note that AppLocker rules only block anything when the rule collection is set to enforce; in audit-only mode they merely log what would have been blocked.

4. Users should not use an account with administrator privileges for day-to-day activities.

5. Lock down the security of browsers according to the vendor's security best practices.

6. Lock down the security of email clients according to the vendor's security best practices, especially to guarantee that attachments are handled securely.

7. Lock down the platform configuration according to industry best practices. For U.S. government customers, this means leveraging the Federal Desktop Core Configuration (FDCC) or its successor, the United States Government Configuration Baseline (USGCB), approved configurations, or the Security Technical Implementation Guides (STIGs) that DISA publishes for DoD information assurance.

8. Install anti-keylogger software; select a product that covers all desktop applications, not just the browser.

9. Train users on social engineering risks and on best practices for handling their PIN and interacting with applications.

Social networking websites (such as Facebook and LinkedIn) have become extremely popular for professional and personal networking, which also raises their visibility as potential threats. In particular, educate employees not to accept invitations from people they do not know, nor to run embedded applications made available through such sites. If your organization has a formal policy on accessing social media sites, it is always worth reinforcing it.

10. Educate employees on the risks of emails that appear suspicious. In a large proportion of successful attacks, the malware infects a PC via an email attachment. In particular, employees should be extremely cautious about opening unsolicited attachments sent from users outside of the corporate network. If there is any concern about an email, alert your IT department.

11. Instant messaging is another approach that can be used to infect a PC with malware, or for a person to reach out to acquire confidential employee information or employee email addresses. Educate employees not to accept or respond to such requests without confirming the authenticity of the request by contacting the company the requester claims to represent, through a channel that is already known to be genuine.

12. Train users on smart card and PIN best practices: remove your card from the reader when you leave your desk; this locks the workstation and at the same time prevents any malware from using your card. The lock only happens if the workstation is configured for it: the Windows policy "Interactive logon: Smart card removal behavior" must be set to lock the workstation and the Smart Card Removal Policy service must be running, so administrators should verify both before relying on this habit. Be cautious about any application that asks for your PIN; provide it only to applications that you know need access to your card for legitimate authentication and signature needs. Also, check whether your middleware and smart card reader provide visual cues of smart card activity (a blinking icon, an LED changing color); these help you keep track of what is being done with your card.
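As an added example that is not part of the HID guide, the following PowerShell script checks the two Windows controls that items 3 and 12 above depend on: whether the AppLocker rule collections are actually enforced (and the Application Identity service that enforces them is running), what the effective policy decides for a Windows binary copied into a user-writable folder, and whether smart card removal is set to lock the workstation (the ScRemoveOption value under Winlogon that the Group Policy setting "Interactive logon: Smart card removal behavior" writes, plus the Smart Card Removal Policy service). The function names, the probe file name and the -Fix switch are this example's own choices; the cmdlets and registry value are standard Windows.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the HID Crescendo guide: check the two Windows
# settings that items 3 and 12 rely on, and optionally correct item 12.
# Assumes Windows PowerShell 5.1 or later on an edition with AppLocker support.

function Test-AppLockerEnforcement {
    # Effective policy = local policy merged with any domain GPO that applies.
    # The XML form carries one <RuleCollection Type="..." EnforcementMode="...">
    # per file type; a type with no element at all is simply not configured.
    [xml]$xml = Get-AppLockerPolicy -Effective -Xml
    $mode = @{}
    foreach ($rc in $xml.SelectNodes('/AppLockerPolicy/RuleCollection')) {
        $mode[$rc.GetAttribute('Type')] = $rc.GetAttribute('EnforcementMode')
    }
    foreach ($type in 'Exe', 'Script', 'Msi', 'Dll', 'Appx') {
        $m = if ($mode.ContainsKey($type)) { $mode[$type] } else { 'NotConfigured' }
        # Only 'Enabled' blocks anything; 'AuditOnly' merely writes audit events.
        [pscustomobject]@{ Check = "AppLocker $type"; Value = $m; Ok = ($m -eq 'Enabled') }
    }
    # Even an 'Enabled' collection enforces nothing while AppIDSvc is stopped.
    $svc = Get-Service -Name AppIDSvc
    [pscustomobject]@{ Check = 'AppIDSvc'; Value = $svc.Status; Ok = ($svc.Status -eq 'Running') }
}

function Test-AppLockerProbe {
    # Ask the policy engine what it would decide for a Windows binary in its
    # normal location and for a copy of it in a user-writable directory.
    # The probe file name is this example's own choice (constructed input).
    $original = Join-Path $env:windir 'System32\notepad.exe'
    $probe    = Join-Path $env:TEMP 'applocker-probe.exe'
    Copy-Item -Path $original -Destination $probe -Force
    try {
        Get-AppLockerPolicy -Effective |
            Test-AppLockerPolicy -Path $original, $probe -User Everyone |
            Select-Object FilePath, PolicyDecision, MatchingRule
    } finally {
        Remove-Item -Path $probe -Force -ErrorAction SilentlyContinue
    }
}

function Test-SmartCardRemovalLock {
    param([switch]$Fix)
    # "Interactive logon: Smart card removal behavior" is stored as the REG_SZ
    # value ScRemoveOption: 0 = no action, 1 = lock workstation,
    # 2 = force logoff, 3 = disconnect Remote Desktop session.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $option = Get-ItemPropertyValue -Path $key -Name ScRemoveOption -ErrorAction SilentlyContinue
    if ($Fix -and $option -ne '1') {
        # Local change only: on a domain member the GPO value wins at the next
        # policy refresh, so set it in Group Policy there instead.
        Set-ItemProperty -Path $key -Name ScRemoveOption -Value '1' -Type String
        $option = '1'
    }
    [pscustomobject]@{ Check = 'ScRemoveOption'; Value = $option; Ok = ($option -eq '1') }

    # Nothing happens on card removal unless the Smart Card Removal Policy
    # service (SCPolicySvc) is running.
    $svc = Get-Service -Name SCPolicySvc
    if ($Fix) {
        if ($svc.StartType -ne 'Automatic') { Set-Service -Name SCPolicySvc -StartupType Automatic }
        if ($svc.Status -ne 'Running')      { Start-Service -Name SCPolicySvc }
        $svc = Get-Service -Name SCPolicySvc
    }
    [pscustomobject]@{ Check = 'SCPolicySvc'; Value = $svc.Status; Ok = ($svc.Status -eq 'Running') }
}

# Report only; re-run with Test-SmartCardRemovalLock -Fix to apply item 12 locally.
# Any row with Ok = False is a control the list above assumes but that is not in place.
@(Test-AppLockerEnforcement) + @(Test-SmartCardRemovalLock) | Format-Table -AutoSize
Test-AppLockerProbe | Format-Table -AutoSize
```

Run it from an elevated prompt. Under the AppLocker default rules (which allow Everyone to run from the Windows and Program Files folders only), the System32 original comes back Allowed and the copy in %TEMP% comes back DeniedByDefault; if both are Allowed, either the Exe collection is not configured or a publisher rule covers Microsoft-signed binaries wherever they sit, which means a signed binary dropped into a user-writable folder would run too. Treat an AuditOnly enforcement mode as not meeting item 3.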
