Question
3 page assignment: Develop Hardening Checklist for Windows 10 1.
One of the most useful tools you will use in your role as an Information Security professional is a hardening checklist. Essentially, it is a document that serves as a guide to configuring desktop / system security. Please develop this guide for a Windows 10 desktop environment. The hardening checklist will take the form of a table or chart that lists how the Windows 10 desktop should be hardened. This will be the culmination of everything you have learned, in terms of Operating Systems, Security Controls, and various strategies that can be employed. Essentially this document will summarize everything you know about securing a system in an easy-to-follow checklist. You should try to provide a short and quick one-sentence description of each setting or task that you are recommending in the checklist.
Explanation / Answer
One of the more important Enterprise hardening capabilities comes as a byproduct of Microsoft's incremental approach to new features. For those needing a hardened environment, pushing out frequent new features would spawn an almost continuous effort to test, adjust and approve each new hardened release.
Windows 10 includes a number of additional features that will be of interest to corporate security officers including:
1. Multifactor authentication:
The ability to use multifactor authentication for PC access is incorporated into Windows 10 at the OS level. It will support either a biometric device or a PIN sent to a mobile device. This will be useful for corporate environments, particularly in securing lost laptops.
2. Data Loss Prevention (DLP):
DLP automates the process of monitoring for and masking the transmission or exposure of protected data such as Social Security Numbers. This is normally complicated to implement and manage, but Microsoft is trying to simplify the process by incorporating some DLP features directly into Windows 10, via its Enterprise Data Protection functionality. This facility includes the ability to recognize and transparently encrypt corporate versus personal data, some remote device wiping capabilities and audit reports.
3. Application Control:
Prior Windows versions allowed users to install untrusted applications, after a strongly worded warning. Windows 10 has the ability to disallow any untrusted applications, known as Device Guard. This will give security administrators better automated control over users running potentially harmful applications.
4. Phishing Protection:
Windows 10 provides some inherent protection from certain phishing attacks by placing the user access token, which allows continued user access after initial authentication, in a secure container. This will eliminate certain classes of attacks, such as Pass the Hash and Pass the Ticket.
If you are tempted to cede protection of your corporate security to Windows 10 and relax, you may be a bit premature, however. There are some well-publicized privacy exposures in Windows 10 that will take some work to control. These include Windows 10 sharing your Wi-Fi information automatically with people in your address list, tracking your location, and sending your browsing history to Microsoft so it can "help" you. Security managers will want to make sure these privacy holes are plugged as they deploy new workstations.
Overall, Windows 10 offers much to help the corporate security officers sleep better, but they may be rudely awakened on occasion by nagging privacy issues.
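The following read-only PowerShell check is an added example, not part of the original answer. It reports whether the application control from item 3 (Device Guard) and the credential isolation from item 4 (which Microsoft calls Credential Guard) are actually active on a machine, which is the kind of verification row a hardening checklist needs. The function name Get-Win10HardeningStatus is hypothetical; the WMI class and its properties are provided by Windows.

```powershell
# Added example: read-only audit of the protections described in items 3 and 4.
# Run in an elevated PowerShell session on the Windows 10 machine being checked.
function Get-Win10HardeningStatus {   # hypothetical helper name
    # Documented value meanings for the Win32_DeviceGuard properties used below
    $policyText = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
    $vbsText    = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Running' }

    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue
    if (-not $dg) {
        # Older builds or unsupported editions do not expose the class
        return [pscustomobject]@{
            Item = 'Win32_DeviceGuard'; State = 'Class not available'; Pass = $false
        }
    }

    # Virtualization-based security is the "secure container" both features rely on
    [pscustomobject]@{
        Item  = 'Virtualization-based security'
        State = $vbsText[[int]$dg.VirtualizationBasedSecurityStatus]
        Pass  = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    }
    # SecurityServicesRunning lists active services: 1 = Credential Guard
    [pscustomobject]@{
        Item  = 'Credential isolation (item 4)'
        State = if ($dg.SecurityServicesRunning -contains 1) { 'Running' } else { 'Not running' }
        Pass  = ($dg.SecurityServicesRunning -contains 1)
    }
    # Code integrity policy: only "Enforced" blocks untrusted applications;
    # "Audit" merely logs them
    [pscustomobject]@{
        Item  = 'Application control, kernel mode (item 3)'
        State = $policyText[[int]$dg.CodeIntegrityPolicyEnforcementStatus]
        Pass  = ($dg.CodeIntegrityPolicyEnforcementStatus -eq 2)
    }
    [pscustomobject]@{
        Item  = 'Application control, user mode (item 3)'
        State = $policyText[[int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus]
        Pass  = ($dg.UsermodeCodeIntegrityPolicyEnforcementStatus -eq 2)
    }
}

Get-Win10HardeningStatus | Format-Table -AutoSize
```

A row with Pass = False means the feature is configured off, running in audit-only mode, or unsupported on that hardware or edition, so the checklist item should not be marked complete.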