Defence in Depth for Endpoints and Network

Last updated on May 25, 2020

Endpoint devices include mobile devices, workstations, and servers. Endpoint devices should connect to the network through a secure channel (such as a Virtual Private Network or VPN), this is to ensure data is not intercepted when retrieved by a client. Also, endpoint devices must have adequate security, such as encryption, antivirus, and firewalls, to keep both data in transit and data at rest protected (especially in a situation when the device is stolen). Additionally, all corporate networks should be encrypted with industry best standards.

Expert Opinion - Defence In Depth

Control Objective

Endpoints include servers, desktops, laptops, tablets, and mobile devices
Networks include wired and wireless, and require secure perimeter, network segmentation, and known ingress/egress points
Controls must exist to prevent, detect, and respond to security incidents
Technologies must include firewall, intrusion prevention, web content filtering, email content filtering, and anti-virus at a minimum
Systems must be hardened (e.g. default passwords and shared accounts must not be used, unnecessary services are disabled, and insecure protocols are disabled)
Additional controls may be required to mitigate risk to your organization

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics

Defence in Depth for Endpoints and Network

Expert Opinion - Defence In Depth

Control Objective