How to Create a Secure Windows 10 Workstation for Beginners

If you are new to Windows 10 and want to create a secure workstation for your personal or professional use, this blog post is for you. In this post, I will show you how to set up a Windows 10 workstation with some basic security features that will help you protect your data and privacy. Here are the steps you need to follow:


Coming Soon: Microsoft Defender for Office 365 Changes

Microsoft is updating Defender for Office 365 soon to help protect customers from embedded email threats while they are previewing quarantined emails. Microsoft is rolling out more quarantine management features that will allow IT professionals and end users to better investigate quarantined emails:

  • Quarantine folder policy and user release request workflow
  • Customer organization branding
  • Streamlined email submission from the quarantine portal
  • Robust release of bulk quarantined emails
  • Secured preview of quarantined emails
  • Quarantine support for shared mailboxes

Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection) provides world-class protection for enterprise email accounts against threats that include business email compromise and credential phishing. It also includes features that help with automated attack remediation.

These new enhancements should limit exposure to unwanted or malicious content by adding security controls that block embedded threats, so that a threat actor cannot learn that the intended victim has loaded an image or other embedded content in the quarantine preview.

“We’re changing the way users preview quarantined messages to provide additional security against embedded threats,” Microsoft explains on the Microsoft 365 roadmap. The idea is to provide some additional controls when previewing an email to make sure the threats are contained and the sender is less likely to know you have contained the suspicious email. “With this change some components in quarantined messages will be distorted and not displayed by default. To see the full contents of the message, users can choose to reveal the full message.”

Other new features will allow for more control over quarantine items, release workflow options, corporate branding, and support for shared mailboxes.

Microsoft also plans on adding more intelligence around what kinds of attacks are targeting your business and options around how to deal with ongoing threats.

Defending Against Mimikatz in Windows 10

Mimikatz is an offensive security tool developed by Benjamin Delpy in 2011. It is a free tool that scrapes the memory of the target computer, looking for the process responsible for Windows authentication (LSASS), to reveal cleartext passwords and NTLM hashes that the attacker can then use against other computers on the same network. The attacker can then escalate their account privileges either by authenticating with the cleartext credentials they just stole or by simply passing the stolen hash.

Mimikatz has been used by nation-state attackers, the first known case being the 2011 hack of the now-defunct Dutch certificate authority DigiNotar. The attackers issued bogus certificates for Google and used them to spy on the Gmail accounts of several hundred thousand Iranian users. Mimikatz has since been used by many malware creators to automate the spread of their worms, including the NotPetya attack and the 2017 BadRabbit ransomware outbreak. Mimikatz will likely remain an effective offensive security tool on Windows platforms for many years to come.

Mimikatz exploits Windows single sign-on (SSO) functionality to harvest credentials. Until Windows 10, Windows by default used a feature called WDigest that loads encrypted passwords into memory, but also loads the secret key needed to decrypt them. WDigest has been a useful feature for authenticating large numbers of users on an enterprise or government network, but it also let Mimikatz recover those passwords by dumping memory and decrypting them with the co-located key.

Solution

Microsoft has reacted (somewhat slowly) to Mimikatz by publishing changes to address the security vulnerabilities identified, but you must apply the patches and recommendations below to address this security issue.


Using Microsoft Intune to Secure Windows 10

Microsoft Endpoint Management (Microsoft Intune) is a service available as part of the traditional O365 environment that allows a business to configure and enroll their Windows 10 devices (as well as macOS, iOS, and Android devices) to centrally manage corporate devices while ensuring that they meet your basic compliance requirements. You can read more about Microsoft Intune here.

The basic approach to cloud management of your Windows 10 devices is quite simple, but it can take a little work to get the pieces into place.

  1. Enroll new devices so that once a new laptop comes out of the box, your users log directly into it with their standard network login and the device is enrolled into Endpoint Management. This is how your devices will be managed and configured, and it takes a little work to set up.
  2. Configure new devices so that your preferred settings are detected and applied during the initial enrollment. This can be a few settings or hundreds of specific settings, depending on how detailed you want your configuration to be, and the settings applied can be controlled based on Azure AD groups, so some devices can be configured differently than other devices.
  3. Require specific settings to be applied before the device is considered “compliant”, which helps you verify how secure a device is or isn’t and target specific devices for remediation.
  4. Download software directly onto the device, which can make software deployment almost effortless, software inventory easier, and may significantly reduce user complaints.
  5. Configure Windows Update to automatically update the Windows 10 endpoint, which helps avoid a missing patch causing security headaches later.

Configuration Policy – Endpoint Security

Click on the Devices option, then select Configuration Policies, then select Create new policy. For the platform, select Windows 10 and later; for Profile, select Endpoint Protection. Set a name for your policy, such as “Windows Security Configuration”.

Microsoft Defender Smart Screen

  • SmartScreen for apps and files: Enable

Interactive Logon

  • Minutes of lock screen inactivity until screen saver initiates: 15
  • Require CTRL + ALT + DEL to log on: Enable

Local device security options

Accounts

  • Guest account: Block
  • Guest Account: Rename
  • Administrator Account: Rename

Network access and security

  • Anonymous access to Named Pipes and Shares: Block
  • Anonymous enumeration of SAM accounts: Block
  • Anonymous enumeration of SAM accounts and shares: Block
  • LAN Manager hash value stored on password change: Block
  • Insecure Guest logons: Block

User Account Control

  • Elevated prompt for app installations: Enabled
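The Endpoint Protection settings above, and the WDigest credential caching described in the Mimikatz section, all have local-policy counterparts in the registry, so a device can be audited directly. The script below is an added example and is not code from the original post; it assumes the standard registry locations Windows uses for these local security options and that no conflicting GPO overrides them. Run it in an elevated PowerShell session.

```powershell
# Added example (not from the original post): audits the local-policy counterparts
# of the Endpoint Protection settings above plus WDigest credential caching.
# Assumption: these are the standard registry locations for the local security
# options, and the device is not governed by a conflicting GPO.

$Lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$System = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Each entry: the Intune setting, the registry path, the value name and the expected value.
$Checks = @(
    @{ Name = 'SmartScreen for apps and files: Enable'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'; Value = 'EnableSmartScreen'; Expect = 1 }
    @{ Name = 'Lock screen inactivity until screen saver: 15 minutes'
       Path = $System; Value = 'InactivityTimeoutSecs'; Expect = 900 }
    @{ Name = 'Require CTRL + ALT + DEL to log on: Enable'
       Path = $System; Value = 'DisableCAD'; Expect = 0 }
    @{ Name = 'Anonymous access to Named Pipes and Shares: Block'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
       Value = 'RestrictNullSessAccess'; Expect = 1 }
    @{ Name = 'Anonymous enumeration of SAM accounts: Block'
       Path = $Lsa; Value = 'RestrictAnonymousSAM'; Expect = 1 }
    @{ Name = 'Anonymous enumeration of SAM accounts and shares: Block'
       Path = $Lsa; Value = 'RestrictAnonymous'; Expect = 1 }
    @{ Name = 'LAN Manager hash value stored on password change: Block'
       Path = $Lsa; Value = 'NoLMHash'; Expect = 1 }
    @{ Name = 'Insecure Guest logons: Block'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation'
       Value = 'AllowInsecureGuestAuth'; Expect = 0 }
    @{ Name = 'UAC elevated prompt for app installations: Enabled'
       Path = $System; Value = 'EnableInstallerDetection'; Expect = 1 }
    # On Windows 10 an absent UseLogonCredential value already means "disabled".
    @{ Name = 'WDigest cleartext credential caching: Disabled'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
       Value = 'UseLogonCredential'; Expect = 0; AbsentOk = $true }
)

foreach ($c in $Checks) {
    # A missing value means "not configured", which is not the same as compliant.
    $actual = (Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue).($c.Value)
    $state = if ($null -eq $actual) { if ($c.AbsentOk) { 'OK' } else { 'NOT SET' } } elseif ($actual -eq $c.Expect) { 'OK' } else { 'FAIL' }
    '{0,-8} {1} (found: {2})' -f $state, $c.Name, $actual
}

# The built-in accounts are identified by RID (500 = Administrator, 501 = Guest),
# so the checks still work after the accounts have been renamed.
foreach ($u in Get-LocalUser) {
    $rid = $u.SID.Value.Split('-')[-1]
    if ($rid -eq '501') { 'Guest account: Enabled={0}  Renamed={1}' -f $u.Enabled, ($u.Name -ne 'Guest') }
    if ($rid -eq '500') { 'Administrator account: Renamed={0}' -f ($u.Name -ne 'Administrator') }
}
```

Any line reporting FAIL or NOT SET is a setting the Intune profile has not reached the device yet, or that something else has changed since enrollment.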

Compliance Policy

Click on the Devices option, then select Compliance Policies, then select Create new policy. For the platform, select Windows 10 and later. Set a name for your policy, such as “Windows Security Compliance”.

Device Health

  • Require Bitlocker: Require

System Security

  • Require a password to unlock mobile devices: Require
  • Password type: Device default
  • Minimum password length: 8

Device Security

  • Firewall: Required
  • Trusted Platform Module (TPM): Required
  • Antivirus: Required
  • Antimalware: Required

Defender

  • Microsoft Defender Antimalware: Required
  • Microsoft Defender Antimalware security intelligence up-to-date: Required
  • Real-time protection: Required
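Before a device reports in, you can check the same state the compliance policy above evaluates. This is an added example, not code from the original post; it uses the BitLocker, TrustedPlatformModule, NetSecurity and Defender PowerShell modules that ship with Windows 10, needs an elevated session, and leaves the password requirements to the policy itself since those are enforced at enrollment.

```powershell
# Added example (not from the original post): reports the local state behind the
# Device Health, Device Security and Defender compliance settings listed above.
# Assumption: the built-in Windows 10 modules are available and the session is elevated.

$Results = [ordered]@{}

# Device Health: BitLocker must actively protect the OS volume, not merely be turned on.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
$Results['Require BitLocker'] = ($os.ProtectionStatus -eq 'On' -and $os.VolumeStatus -eq 'FullyEncrypted')

# Device Security: firewall enabled on every profile, TPM present and ready for use.
$fw = Get-NetFirewallProfile
$Results['Firewall'] = -not ($fw | Where-Object { -not $_.Enabled })
$tpm = Get-Tpm
$Results['Trusted Platform Module (TPM)'] = ($tpm.TpmPresent -and $tpm.TpmReady)

# Defender: engine running, real-time protection on, signatures no older than a day.
$mp = Get-MpComputerStatus
$Results['Antivirus / Antimalware']            = ($mp.AntivirusEnabled -and $mp.AMServiceEnabled)
$Results['Real-time protection']               = $mp.RealTimeProtectionEnabled
$Results['Security intelligence up-to-date']   = ($mp.AntivirusSignatureAge -le 1)
$Results['Tamper protection']                  = ($mp.IsTamperProtected -eq $true)

$Results.GetEnumerator() | ForEach-Object {
    '{0,-5} {1}' -f ($(if ($_.Value) { 'PASS' } else { 'FAIL' }), $_.Key)
}
$Compliant = -not ($Results.Values -contains $false)
"Device compliant: $Compliant"
```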

Windows 10 Update rings

Click on the Devices option, then select Windows 10 update rings, then select Create profile, and set a name for your policy, such as “Windows Update Configuration”.

  • Servicing channel: Semi-annual
  • Microsoft product updates: Allow
  • Windows drivers: Allow
  • Quality update deferral period (days): 3
  • Feature update deferral period (days): 3
  • Automatic update behavior: Auto install at maintenance time
  • Active hours start: 8 am
  • Active hours end: 8 pm
  • Restart checks: Allow
  • Option to pause Windows updates: Disable

You can also create other Configuration Profiles to enforce various policies that you may be using GPO policies to enforce today, like various network settings, Windows Defender Firewall settings, renaming the local administrator account, disabling the guest account, etc. You can also create Apps, which allows you to install various software directly to the enrolled device.

Once you start working with Endpoint Manager (Intune) you will see the enormous potential that cloud management brings to your environment.

10 Tips for Securing Windows 10

The current Microsoft Windows is the most popular operating system in the world, which also makes it the primary target for hackers and malicious actors attempting to gain access to your computer so they can steal your data. Most software vendors regularly correct security issues, and Microsoft is constantly updating its software to help protect its users from potential compromise. They provide monthly updates and special patches as issues are discovered, but constant improvements and the addition of new features also bring the possibility of new bugs and vulnerabilities.

While some people might just throw up their hands and decide there isn’t much a typical user can do to adequately secure their systems, there are simple things you can do that will help prevent a successful attack. Let’s look at some simple tips that you should follow to make Windows 10 more secure.

1. Update Windows and Other Programs

Microsoft has an entire team of people that help make Windows 10 as secure as possible, and when they find a problem they issue a fix to help remediate the issue before hackers can take advantage of the flaw. This only works if you actually patch your software to add the fix onto your system.

Allowing your computer to become outdated will eventually cause an issue that could lead to a successful attack on your computer. Hackers and other malicious actors are actively looking for systems with known vulnerabilities, so to help prevent your computer from being on their attack list, frequently patch your system.

Make sure that you enable Windows updates, that you check occasionally to make sure your system isn’t missing any updates, and that you verify all the software on your computer is also getting updates. Some people worry that installing a patch will break something, but that is easily corrected by simply removing the patch if that happens to your computer.

2. Enable System Restore

System Restore is an option built into Windows 10 that lets you set the system back to a previous date whenever there are problems. By default, System Restore is disabled in Windows 10. If you want to be able to quickly undo any problem that happens on your system, simply restore to a previous restore point, and any changes made to your system after that date and time are removed.

System Restore does not restore user data or documents, so it will not cause users to lose their files, e-mail, browsing history, or favorites. 

You can find instructions on how to use this feature here.

3. Use Drive Encryption

Unless BitLocker is enabled on your Windows 10 computer, your drive contents are stored in plain text. This means that if your laptop is stolen, the drive can be removed and its contents read from another computer. Encryption is essential if you keep critical information on your laptop. By enabling BitLocker, a feature already available on your computer, Windows will encrypt the contents of your hard drive, making it very difficult for an unauthorized person to view them.

You can find instructions on how to use this feature here.

4. Use Anti-Virus Tools

Windows 10 has a built-in protection feature to stop viruses and malware called Microsoft Defender, managed through the Windows Security Center. By enabling Microsoft Defender you get built-in protection from most virus and malware programs. The Windows Security Center is where you go to modify and customize your Defender settings and check on the overall security status of your computer. Check the home screen of the Windows Security Center and ensure all items are showing green.

If malware gets onto your computer, one of the first things it will attempt is to programmatically disable Microsoft Defender. The best feature you can enable is Tamper Protection. This feature makes it very difficult to disable Microsoft Defender protection without your approval. You can find instructions on how to enable this feature here.

How to Avoid Ransomware

Ransomware is malware installed on your machine that is intended to deny access to your critical files. Once you can’t access your documents, pictures, and music, the attacker offers to release the files back to you for a fee. Sometimes the fee might be several hundred dollars, but for businesses the fee might be in the millions.

The attacker uses fairly standard attack methods to install software on your computer that scans your system for specific file types, then encrypts the files using a method that is usually not recoverable. The malware then presents you with a key value to redeem for a decryption key. If you present your key and the appropriate fee, the cyber criminals provide you with a decryption key that makes your files available again. Usually. Sometimes you pay and they don’t respond, or the key that is provided doesn’t work correctly.

There are some specific things you can do to make a successful attack on your computer much less likely, as well as ways to reduce the impact so you might not have to pay the ransom. Some of these are easy for a non-technical user to tackle, but others are better suited for technical personnel at a business or government agency.

Inexpensive Ways to Reduce Ransomware Attack Success
  • Backup Your Important Data – If you have a backup of your data that hasn’t been encrypted, you probably won’t have to pay the attacker a fee. Depending on how often your data changes, you might be able to perform a weekly backup (there is a utility built into Windows 10, or you can buy a program that does a backup either to an external hard drive or the cloud). Keep backups separate from your computer so that a successful attack won’t have access to the backup files. If your files get encrypted, you can safely reload Windows 10 onto your computer and copy your files from the backup to the clean laptop.
  • Enable Microsoft Defender – Microsoft Defender is included with Windows 10. It has some powerful features to protect your computer from malicious attacks, but only if they are enabled and properly configured. Enable controlled folder access to prevent unauthorized applications from modifying protected files, turn on cloud-delivered protection and automatic sample submission for better protection, and enable tamper protection to prevent the protection from being disabled when you need it the most. You should also enable the attack surface reduction rules in Defender, including rules that block ransomware activity and other activities associated with an attack.
  • Protect Systems – Don’t have anything directly on the internet that isn’t correctly hardened and patched to prevent an easy attack surface. If you don’t know how to properly configure a server or other infrastructure item, don’t guess because the hackers know what they are looking for when they stage an attack.
  • Use MFA – Enable Multi-Factor Authentication (MFA) when possible. Many online sites now allow you to enable this extra protection that requires you to know your standard account password as well as have possession of a specific device to successfully log into their systems. This can be really handy to prevent someone guessing your password and accessing your Facebook, Twitter, or O365 account from anywhere in the world.
  • Education – Educate yourself on how to detect and avoid phishing emails and potentially malicious websites.
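The Defender settings in the list above can be applied with the Defender PowerShell module rather than clicked through one at a time. This script is an added example and is not code from the original post; it assumes an elevated PowerShell session on Windows 10, and the two attack surface reduction rule IDs are Microsoft's documented identifiers for the rules named in the comments. Tamper protection has no PowerShell switch, so the script only reports whether it is on.

```powershell
# Added example (not from the original post): applies the Defender protections
# recommended above. Assumption: elevated session on Windows 10 with the Defender module.

$Before = Get-MpPreference

# Controlled folder access: only trusted applications may modify protected folders.
Set-MpPreference -EnableControlledFolderAccess Enabled
# Protect additional folders beyond the defaults if needed (placeholder path):
# Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\ProjectData'

# Cloud-delivered protection and automatic sample submission.
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent SendAllSamples

# Attack surface reduction rules that target ransomware and credential theft.
$Rules = @{
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
}
foreach ($id in $Rules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions Enabled
}

# Report the resulting state; tamper protection must be turned on in Windows
# Security (or through Intune) and is only read here.
$After = Get-MpPreference
[pscustomobject]@{
    ControlledFolderAccess = $After.EnableControlledFolderAccess   # 1 = Enabled
    CloudProtection        = $After.MAPSReporting                  # 2 = Advanced
    SampleSubmission       = $After.SubmitSamplesConsent           # 3 = SendAllSamples
    AsrRulesConfigured     = @($After.AttackSurfaceReductionRules_Ids).Count
    TamperProtection       = (Get-MpComputerStatus).IsTamperProtected
    PreviousCfaSetting     = $Before.EnableControlledFolderAccess  # for rollback reference
}
```

Running the ASR rules in audit mode first (action AuditMode instead of Enabled) shows what they would block without interrupting users.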


Securing Windows 10

A Windows 10 laptop right out of the box is not a truly secure laptop. Building a secure laptop using Windows 10 will take a little work. Microsoft has done a good job balancing usability and security, making sure the device is mostly compatible with what an average person wants to do without security getting in the way.

If you want a secure laptop there are some tweaks you need to make to get your laptop to the next level of security. Some are done by default, but you should make sure the settings are correct, and some are off by default, so you’ll need to configure the settings and turn them on.

I’ll go through some of the settings to show you how you can go from default settings to secure, but you have to understand there are always more things you can do to make your Windows 10 device even more secure.
