Saturday, February 24, 2018

How To: Make your Windows 10 computer more secure and private

Update 2018/05/20: Updated GitHub repo to accommodate Windows 10, version 1803

Last year I have posted a blog on making your Internet connection more secure and private. Now it is time to look at our home computers. One might argue that if you take Security really serious, you stay away from the Windows Operating System. With Windows 10 that would might not be the case if you are not die-hard into security and privacy.


Windows 10 can really be reasonable secure (at least, that is my perspective). The most important topics are likely the privacy related settings, and the features that enable legacy hardware and/or networks to function. And Windows 10 being the most used operating system in many homes, this blogpost is aimed at people using those.

Goal

The goal of this project is to make a secure (or at least secure within a reasonable amount of effort) Windows 10 installation to ensure a secure environment to consume and produce content. It is possible that by gaining new insights hardening-options are either removed or added.

My other goal is to gain a good understanding on Windows 10 Hardening and other Security-related aspects. I feel that as a Lead Information Security Officer it is important to upkeep (general) knowledge about Technology and it's Security.

Scope

Scope is an important part for this project. Otherwise you can endlessly install security tools and solutions which in the end have a trade-off. This might be resources and performance, but also your own precious time to keep it running :).

The constraints are:
  • Windows 10 Home & Pro Build 1803
  • For the larger part, the settings needs to be able to be set through a GUI. I'll make some exceptions here and there (because there was never a GUI and its impact is rather important).
  • Some settings can also be set by using a registry-key file (.reg). I will supply these files.
  • Settings must be able to be set without using Group Policy Object (GPO), because that is not present (by default) on Windows 10 Home.

Coverage

In my GitHub repo "Home-Security-by-W10-Hardening" I created an overview of features and settings that I have set. In that analyses, the following sources where consulted:

And the following aspects of Windows 10 are addressed:
  • Control Panel
    • System and Security
    • Programs
  • Settings
    • System
    • Apps
    • Cortana / Search
    • Privacy
    • Update & Security
      • Update & Security - Windows Defender Security Center
  • Other
    • Telemetry
    • Xbox Game bar
    • Explorer
    • Encryption Cipher Suites
    • Registry
    • Systems repair

And where possible, I have extracted the registry keys in order to set the settings in an automated fashion. In addition, I went through the entire CIS Benchmark for Windows Hardening and decided with every setting to follow suit or not.

Conclusion

All this results in a fairly balanced Windows 10 installment that eliminates known vulnerabilities, hardens some key weaknesses, protects privacy, while retaining most of its features.

You can look everything up right here at this place: Home-Security-by-W10-Hardening

If you have any questions, feel free to reach out to me!

Share:  

0 comments:

Post a Comment