Let's assume the basics have been taken care of:
- Your laptop is approved by your IT/IS support group, purchased (or
leased) from a reputable vendor and includes a maintenance
contract -- laptops do catch fire (one very good reason for
turning them off when not being used), batteries may be recalled,
disk media will fail, flex-connectors stop flexing, etc. That's
especially painful when you're traveling.
- From the
Windows Security Center you can manage a few security
essentials (as an "Administrator" click on the Start menu
and then click on the Control Panel):
- The laptop is fully patched, at the current service pack level
and configured for automatic patching from the Windows Update Center (or
perhaps your IS/IT department runs an update service). See SANS Tip.
- The laptop has the Windows Firewall configured -- with no exceptions.
- You have a current version of some reputable Anti-Virus (AV)
agent (eg. we use Symantec
but there are many others) and regularly receive updates to the
AV definitions. See SANS Tip.
Beware: three AV problems -- a) many laptops come with a
demo AV that expires, b) many require manual intervention to
update AV definitions (we have a campus service and clients pull
AV updates every hour), c) AV software requires periodic
maintenance and may need to be replaced. See Symantec Anti-Virus
Exposure (2007/01/12).
- You use some reputable anti-Spyware technology (cf. AV
technologies). Microsoft offers
Windows Defender, many AV vendors (like Symantec) include
anti-Spyware support within their AV product.
Cf. Microsoft's
Security
at Home advice -- the basics.
