Overview of hardening Client Security
Applies To: Forefront Client Security
Hardening a Client Security deployment requires that you understand the best practices for securing each aspect of your deployment and that you make informed choices about security. This guide discusses the following aspects of Client Security deployments:
Server components—A Client Security deployment consists of components installed on one or more servers. Each server performs different tasks in the deployment. These tasks dictate the components that must run on the servers; therefore, the components installed on a server affect the attack surface of each server. When you combine more than one component on a server, you must consider the combined security considerations when you harden the server.
Service accounts—Service accounts are user accounts used to run services necessary for a Client Security deployment. You should create and maintain these accounts following best practices that minimize the consequences of such accounts becoming compromised.
User accounts—You should understand what permissions are required for users who configure and maintain Client Security and the implications of granting those permissions. This guide discusses security of user accounts relevant to a Client Security deployment.
Connections—Connections among servers and between servers and clients also require consideration to ensure that communications are secure. Decisions regarding how many servers you deploy can affect the number and type of connections that you need to secure.
Client computers—Client computer security consists of ensuring that communications between the client and Client Security servers are secure and that you configure Client Security agents appropriately for your organization's security standards.
Maintenance—Keeping up with security updates for Client Security servers and ensuring that backups of data happen regularly are vital to the security of your Client Security deployment.