STAFF SYMPOSIUM SERIES INFORMATION TECHNOLOGY TRACK FACILITATORS

Carl Brooks
System Manager - Detroit, MI
Chapter 13 Standing Trustee – Tammy L. Terry

Debbie Smith
System Manager – Robinsonville, NJ
Chapter 13 Standing Trustee – Al Russo

Scot Turner
System Manager – Las Vegas, NV
Chapter 13 Standing Trustee – Rick Yarnall

Tom O’Hern
Program Manager, ICF International, Baltimore, MD

STACS - Standing Trustee Alliance for Computer Security

STAFF SYMPOSIUM - IT TRACK

5/11/2017 SESSION 4 - ENDPOINT MANAGEMENT

Information Systems Managers

Windows 10

Debbie Smith
System Manager
Regional Staff Symposium - IT Track
May 11 and 12, 2017
Las Vegas, NV

Windows lifecycle fact sheet

End of support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance. This is the time to make sure you have the latest available update or service pack installed. Without Microsoft support, you will no longer receive security updates that can help protect your PC from harmful viruses, spyware, and other malicious software that can steal your personal information.

| Client operating systems | Latest update or service pack | End of mainstream support | End of extended support |
| --- | --- | --- | --- |
| Windows XP | Service Pack 3 | April 14, 2009 | April 8, 2014 |
|  | Service Pack 2 | April 10, 2012 | April 11, 2017 |
| * | Service Pack 1 | January 13, 2015 | January 14, 2020 |
|  | Windows 8.1 | January 9, 2018 | January 10, 2023 |
| Windows 10, July 2015 | N/A | October 13, 2020 | October 14, 2025 |

* Support for Windows 7 RTM without service packs ended on April 9, 2013. Be sure to install Windows 7 Service Pack 1 today to continue to receive support and updates.

Windows 10 Pro vs Enterprise

Initial Config. & Deployment Issues

• Which version of Windows 10?
  ◦ HOME version cannot join domain
  ◦ PRO version (after anniversary update [version 1607]) cannot disable store via GPO (there is a workaround)
    ▪ Will include new ‘features’ with updates
  ◦ ENTERPRISE version has 2 license models
    ▪ E3 – access to all Windows 10 Enterprise Features
      ◦ Pay-as-you-go cloud license $7 p/user p/month ($1,932 p/year for 23 users)
      ◦ Open Business License $294.99 ($6,785 one-time purchase)
    ▪ E5 – E3 plus Windows Defender Advanced Threat Protection

Initial Config. & Deployment Issues

  ◦ If you upgraded to the FREE version of Windows, you got Home or Pro – Enterprise was never free
  ◦ ENTERPRISE Long Term Servicing Branch (LTSB)
    ▪ Does not include:
      ◦ Cortana
      ◦ Windows Store
      ◦ Edge browser
      ◦ Photo Viewer
      ◦ UWP version of Calculator (replaced by classic version)
    ▪ Will not receive any feature updates
    ▪ Gives companies more control over the update process
    ▪ Upgrade license $274.00 p/seat

Compare Windows Versions


Windows 10 Features

• Bitlocker > PRO & ENTERPRISE
  ◦ Upgrade laptops with HOME to PRO to get Bitlocker
• Device Guard > ENTERPRISE
  ◦ Helps protect against malware
  ◦ Helps protect the Windows core from vulnerability and zero-day exploits
  ◦ Allows only trusted apps to run
• Applocker > ENTERPRISE
  ◦ Whitelist apps that can run on the machine

Windows 10 Features

• Managed User Experience > ENTERPRISE
  ◦ Restrict access to Cortana & Windows Store
  ◦ Remove and prevent access to Shut Down, Restart, Sleep & Hibernate
  ◦ Remove Log Off from Start Menu
  ◦ Remove Frequent Programs from Start Menu
  ◦ Remove All Programs from Start Menu
  ◦ Prevent users from customizing Start screen
  ◦ Prevent changes to Taskbar and Start Menu
• Direct Access > ENTERPRISE – always-on VPN

Initial Config. & Deployment Issues

• Uninstall bloatware / games using Scot’s PowerShell script
  ◦ Doesn’t remove everything
  ◦ Can’t remove store (after anniversary upgrade on Pro)
  ◦ Even though apps appear to be uninstalled, some come back when a new user logs in
    ▪ Sway, Feedback Hub, OneDrive, Paid Wifi & Cellular
    ▪ Must uninstall these as logged in user
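Store apps that return for a new user are typically still provisioned in the Windows image, which installs them into every newly created profile. The following is an added example, not Scot's script (which these slides do not reproduce): it reports both states for the Store apps named above and can optionally de-provision them. The package-name patterns are assumptions to confirm with `Get-AppxPackage` on your build.

```powershell
#Requires -RunAsAdministrator
# Added example: audit, and optionally de-provision, Store apps that return
# for new users. The name patterns below are assumptions; verify them first.
# OneDrive is not an Appx package, so it is not covered here.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$Pattern = @('*Office.Sway*', '*WindowsFeedbackHub*', '*OneConnect*'),
    [switch]$Remove
)

# Read the provisioned list once. It is the image-wide set that Windows
# installs into every newly created user profile.
$provisioned = Get-AppxProvisionedPackage -Online

foreach ($p in $Pattern) {
    # Copy staged in the image (source of the "comes back" behaviour).
    $prov = @($provisioned | Where-Object { $_.DisplayName -like $p })

    # Copies already installed into existing profiles, for any user.
    $inst = @(Get-AppxPackage -AllUsers -Name $p)

    # One report row per pattern.
    [pscustomobject]@{
        Pattern            = $p
        ProvisionedInImage = $prov.Count -gt 0
        InstalledCopies    = $inst.Count
    }

    if ($Remove) {
        foreach ($pkg in $prov) {
            if ($PSCmdlet.ShouldProcess($pkg.PackageName, 'Remove from image')) {
                Remove-AppxProvisionedPackage -Online -PackageName $pkg.PackageName |
                    Out-Null
            }
        }
    }
}

# Existing profiles keep their installed copy after de-provisioning.
# Remove it in that user's own session:
#   Get-AppxPackage -Name '<pattern>' | Remove-AppxPackage
```

Run it without `-Remove` first to see the report; adding `-WhatIf` to `-Remove` lists what would be de-provisioned without changing the image.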

Issues

• Cannot turn off updates in PRO version (can defer)
• Set up ACTIVE HOURS so your machine doesn’t restart in the middle of the day (or in court) (Settings > Update & Security)
• If you set your WIFI connection to ‘METERED’ Windows *should not* run updates
• Set CHOOSE HOW UPDATES ARE DELIVERED (Settings > Update & Security > Advanced Options) and turn off updates to/from other computers on network

Group Policy Settings

• If your Windows Server version is prior to 2016, download ADMX for GPO templates
  ◦ There are 2 downloads – 1 for machines running pre-anniversary update, and 1 for post

Group Policy Settings

• Security and functionality
  ◦ Prevent OneDrive Use
  ◦ Turn Off Cortana
  ◦ Turn Off App Updating
  ◦ Turn off Store (ENTERPRISE version only)
    ▪ Workaround: Disallow access to store software
  ◦ Remove Store Icon from Taskbar
  ◦ Turn off Live Tile Notification
  ◦ Set Interactive Login (CTRL + ALT + DEL) and Login Message
  ◦ Turn off Action Center

Privacy Settings

• Everything in all categories off (unless necessary)
  ◦ Privacy > General: Opt-out of personalized ads in browser
• Stop Cortana from getting to know you
• Turn off your location
• Never send Windows feedback
• Anniversary update changed previous settings back to default

Privacy Settings: Account Sync

• If you log in with a Microsoft account, syncing settings may include sending passwords to Microsoft: TURN THIS OFF
  ◦ Settings > Accounts > Sync your settings

Information Systems Managers

Endpoint Management

Carl W. Brooks
Manager of Information Systems
Regional Staff Symposium - IT Track
May 11 and 12, 2017
Las Vegas, NV

Endpoint Devices

• Internet-capable, TCP/IP network-capable Hardware

• Server
• Desktop
• Laptops
• Smart phones
• Tablets
• Thin clients
• Virtual Machines

Endpoint Security

In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats.

(webopedia.com)

Endpoint Management

• Asset Control
• Endpoint Security
• Software Management
• Back Up Your Data
• Communicate & Document Important Information
• Redundancy

Asset Control

• Eliminate “Ghost” assets
• Conduct physical asset inventories
• Tag assets appropriately
• Use the right labels for the job

Inventory Software

• Snipe-IT
  ◦ www.snipeitapp.com
• PDQ Inventory
  ◦ www.adminarsenal.com
• Open AudIT
  ◦ www.open-audit.org
• Spiceworks
  ◦ www.spiceworks.com

Asset Disposal

• Repurpose or Dispose
• Wipe Data
• Removing Tags
• Removing from Inventory
• Removing from Premises
  ◦ Charity Organization
  ◦ Recycle
  ◦ Destroy\Shred
  ◦ Buy Back

Support Strategies

• Trustee and staff
  ◦ In Office
  ◦ At Court
  ◦ At Home
  ◦ On the Road
• 3rd Party Support\vendors
• Debtors\Trainees
• Visitors and Auditors

• Strategies for supporting auditors and visitors
  ◦ Access to network for Internet, printing, Case data
  ◦ File transfer electronic files
  ◦ Credentialed access to network computer, case management software, ECF/PACER, Wi-Fi/Internet

Endpoint Security

• Physical Security
• Window/Desktop
• management firewall
• Anti-virus, SPAM, Malware
• Risk/vulnerability assessment
• Browser Plugins
• Security policy management
• Endpoint Loss and Recovery

Security Considerations

• Using Computers (Dos and the Don’ts)
• Personal device uses
• Access to email
• USB charging, connections to Trustee Equipment
• Access to Wi-Fi, LAN, VPN, Internet
• Two-Factor authentication

The Weakest Link: People

• A data leak can be avoided if the person involved has better knowledge of data protection.
• Users are encouraged to develop an information security mindset, and to build and reinforce good practice through regular information security awareness updates.

Computer/Data Usage: Do’s

• Be accountable for IT assets and data
• Adhere to Policy on Use of IT Resources
• Use good judgment to protect data
• Protect your laptop during trips
• Ensure sensitive information is not visible to others
• Protect your user ID and password

Computer/Data Usage: Don’ts

• Don’t store sensitive information on a portable device without strong encryption
• Don’t leave your computer / sensitive documents unlocked
• Don’t discuss anything sensitive in a public place. People around you may be listening to your conversation

Surfing the Web: Do’s

• Validate the website you are accessing
• Be cautious if you are asked for personal information
• Use encryption to protect sensitive data transmitted over public networks and the Internet
• Install anti-virus, perform scheduled virus scanning and keep virus signatures up to date
• Apply security patches promptly
• Back up your system and data, and store the backups securely

Surfing the Web: Don’ts

• Don't download data from doubtful sources
• Don't visit untrustworthy sites out of curiosity, or access the URLs provided in those websites
• Don't use illegal software and programs
• Don't download programs without permission of the copyright owner or licensee (e.g. Torrent software)

Email: Dos

• Do scan all email attachments for viruses before opening them
• Use email filtering software
• Only give your email address to people you know
• Use PGP or a digital certificate to encrypt emails that contain confidential information; staff can use confidential email
• Use a digital signature when sending emails to prove who you are

Email: Don’ts

• Don't open email attachments from unknown sources
• Don't send mail bombs, or forward or reply to junk email or hoax messages
• Don’t click on links embedded in spam emails
• Don’t click on links in emails from known parties when you are not expecting a link
• Don’t buy things or log in from links

Training your Users

https://securityiq.infosecinstitute.com

What are the Threats?

• Plain Old Deception: Phishing
• Brute-Force: Password Guessing
• Web Browser Vulnerabilities
• USB Drive Attack Vector
• Outdated Software\Drivers
• Outdated Firmware

How to Secure Endpoints

• BIOS or PINs at bootup
• Encryption – Disk, Device, Data
• Disclaimers, Right to Use, Login consent to use/monitoring/no rights
• Patch the system regularly
• Install security software (e.g. web filtering, anti-Virus, anti-Spam, anti-Spyware, personal firewall etc.)
• Beware of P2P software

Malware Solutions

• Kaspersky Endpoint Security for Biz
  ◦ http://usa.kaspersky.com
• Malwarebytes for Business
  ◦ www.malwarebytes.org/business
• Symantec Endpoint Protection
  ◦ www.symantec.com
• Fortinet Endpoint Protection
  ◦ www.fortinet.com

Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume.

Disk Encryption

• Symantec Endpoint Encryption
• Check Point Full Disk Encryption
• Dell Data Protection Encryption
• McAfee Complete Data Protection
• Sophos SafeGuard
• DiskCryptor
• Apple FileVault 2
• Microsoft BitLocker

• If your computer seems to be working fine, you may wonder why you should apply a patch.
• By not applying a patch you might be leaving the door open for malware to come in.
• Malware exploits flaws in a system in order to do its work.

Patch Management

• Operating System Patches
• Office Software
• Browsers (I.E., Chrome, Firefox, etc.)
• 3rd Party Software
  ◦ Adobe Acrobat (PDF)
  ◦ Adobe Flash
  ◦ Oracle Java

Patch Management

• Know your network
• Scan and assess
• Rely on a single source for patches
• Have an “undo button” for patches
• Support a good user and administrator experience
• Stay organized
• Right-size

Patch Management

• GFI LanGuard
  ◦ www.gfi.com
• Shavlik Patch
  ◦ www.shavlik.com
• Solarwinds Patch
  ◦ www.solarwinds.com
• ManageEngine
  ◦ www.manageengine.com

Software Deployment

• PDQ Deploy
  ◦ http://www.adminarsenal.com
• EMCO Remote Installer
  ◦ emcosoftware.com/remote-installer
• Ninite
  ◦ https://ninite.com
• Ketarin
  ◦ http://ketarin.canneverbe.com

Remote Management Issues

• Intrusive vs non-intrusive remote access
• Cloud/Agent based remote access (maybe bad)
• Backdoor into network
• Excessive access through agent features and capabilities
• Access control of remote vendor (enable, disable, terminate)
• Who has access? (Local IT person, Cloud vendor, Case Management Vendor)
• Using two factor authentication

Network monitoring is the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, SMS or other alarms) in case of outages. It is part of network management.

Network Monitoring

• Network Mapping
• Device Health Monitoring
• Network Traffic Analysis
• Flexible Alerting
• Wireless Network Monitoring
• Automatic Device Discovery
• Reporting

Network Monitoring

• PRTG
• SolarWinds® NPM
• Nagios Core
• Wireshark
• Cacti
• ntopng
• Zabbix
• NMAP

Enterprise Backup Services

• Veritas Backup Exec
• EMC Networker
• IBM TSM
• CA Technologies ARCserve
• HP Data Protector
• CommVault Simpana
• FalconStor
• Acronis

Backup Strategies

• Data on endpoints
• OS/firmware
• Settings and configuration

Backup Strategies

Policy and Procedures (Where and How?)
• Trustee Smartphone, Tablet, Laptop
• Court tablets and laptops

Backup Strategies

• Local sync vs Cloud Sync
• To use or not to use:
  ◦ iCloud
  ◦ iTunes
  ◦ One Drive
  ◦ Google Drive
  ◦ Dropbox

Backup Strategies and Products

• Deep Freeze – Tool to reset back to default state after reboot
• Macrium Reflect (freeware) – system imaging
• Acronis (freeware) – system imaging

Lost Recovery Resources

• Find my iPhone (Apple)
• Android Device manager - Google Play (Android)
• MaaS360 by IBM
• Lo-jack for laptops (Windows)

Communicate Important Item

• Provide Policies and Procedures
• Announce Policies and Procedures Changes
• Announce Training Objectives\Results
• Provide Encrypted IT Essentials and Password to Trustee
• Quick Report of Problems\Resolutions
• Update Cycles\Reboot
• Inventory Changes

Document IT Essentials

• Hardware Vitals
  ◦ Brand
  ◦ Model
  ◦ Serial #
  ◦ Warranty Dates
  ◦ Asset Tags
  ◦ Maintenance Terms
  ◦ Location
  ◦ Assigned User
• Important IT Contact Information
• Software
  ◦ Keys
  ◦ Maintenance Terms
  ◦ Device Installed On
• Passwords for sites, hardware, etc.
• Device Settings
• Disaster Plan
• Policies
• Procedures
• Training Material

IT Redundancy

• Multiple Backup Methods
• Multiple Security Points (Firewall, network, devices)
• Two Factor / Multiple Password for access
• Notifications for multiple internal parties (ex: [email protected])
• Live Training, Webinar, Email Tips
• Guard against inbound & outbound threats
• Multiple IT Reporting\monitoring
• Documents: Hardcopy & Digital
