Essential 8 Caveats / Gotchas

  • Browser Lockdown – Don’t disable JavaScript; the internet can’t run without it.
  • Password managers in browsers are disabled: This means users’ existing saved passwords in Microsoft Edge or Chrome for websites will be removed and no new passwords can be saved. The risk is that the password database for the browser could be hacked; however, without this, users could resort to writing passwords down or using the same ones across different websites. A separate audited password manager hosted internally is the best replacement for this; however, it bears additional costs.
  • Disabling the password manager does not delete the password database. You will need to clear that with PowerShell (“C:\Users\%username%\AppData\Local\Google\Chrome\User Data\Default\Login Data”) or enable the policy to clear all Edge / Chrome data files on close.
  • Pop-ups disabled in browsers: Edge and Chrome stop pop-ups showing by default; however, sometimes legitimate pop-ups are blocked and a user can enable these if needed. With this policy enabled, users will not be able to view these anymore without logging a request to IT to lift the policy or looking at the website on another device such as a mobile. It is difficult to know which websites this will affect until we deploy it, or which it will affect in future.
  • TLS enforced to 1.2 and authentication limited to NTLM: As above, this should not affect any websites following best web practices; however, if a new website suddenly needed either of the two functions, it would take a request to IT to lift the policy, or looking at the website on another device such as a mobile.
  • No old Office files: To reduce the attack surface, any old Office template or document (items such as .doc instead of .docx) would be blocked from opening on the user’s desktop. These could be opened by the user on a mobile device and/or the web version of Office; however, as you said, a lot of your templates use the old format, so this might be deemed an acceptable risk until these are converted to the newer versions.
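
The password database cleanup mentioned above, as an added PowerShell example that is not from the original post. It assumes profiles live under C:\Users, that Edge keeps its data under AppData\Local\Microsoft\Edge\User Data, and that additional browser profiles use the "Profile N" folder naming; run it with -WhatIf first to list what would be deleted.

```powershell
# Added example (not from the original post). Run elevated, e.g. from a
# deployment tool, after the password-manager policy has been applied.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$UsersRoot = 'C:\Users'   # assumption: default profile location
)

# Chromium "User Data" roots, relative to each user's profile folder.
# The Chrome path is the one quoted in the post; the Edge path is an assumption.
$browserRoots = @(
    'AppData\Local\Google\Chrome\User Data',
    'AppData\Local\Microsoft\Edge\User Data'
)

# The database is locked while the browser runs; stop rather than half-delete.
$running = Get-Process -Name chrome, msedge -ErrorAction SilentlyContinue
if ($running) {
    Write-Warning 'Chrome or Edge is running. Close the browsers (or run at startup) and retry.'
    return
}

foreach ($user in Get-ChildItem -Path $UsersRoot -Directory -ErrorAction SilentlyContinue) {
    foreach ($root in $browserRoots) {
        $userData = Join-Path $user.FullName $root
        if (-not (Test-Path -LiteralPath $userData)) { continue }

        # "Default" plus any additional profiles ("Profile 1", "Profile 2", ...).
        $profiles = Get-ChildItem -LiteralPath $userData -Directory |
            Where-Object { $_.Name -eq 'Default' -or $_.Name -like 'Profile *' }

        foreach ($p in $profiles) {
            # "Login Data" is the SQLite store; "-journal" is its rollback journal.
            foreach ($name in 'Login Data', 'Login Data-journal') {
                $file = Join-Path $p.FullName $name
                if ((Test-Path -LiteralPath $file) -and
                    $PSCmdlet.ShouldProcess($file, 'Delete saved-password database')) {
                    Remove-Item -LiteralPath $file -Force
                }
            }
        }
    }
}
```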