Last year I have posted a blog on making your Internet connection more secure and private. Now it is time to look at our home computers. One might argue that if you take Security really serious, you stay away from the Windows Operating System. With Windows 10 that would might not be the case if you are not die-hard into security and privacy.
Windows 10 can really be reasonable secure (at least, that is my perspective). The most important topics are likely the privacy related settings, and the features that enable legacy hardware and/or networks to function. And Windows 10 being the most used operating system in many homes, this blogpost is aimed at people using those.
GoalThe goal of this project is to make a secure (or at least secure within a reasonable amount of effort) Windows 10 installation to ensure a secure environment to consume and produce content. It is possible that by gaining new insights hardening-options are either removed or added.
My other goal is to gain a good understanding on Windows 10 Hardening and other Security-related aspects. I feel that as a Lead Information Security Officer it is important to upkeep (general) knowledge about Technology and it's Security.
ScopeScope is an important part for this project. Otherwise you can endlessly install security tools and solutions which in the end have a trade-off. This might be resources and performance, but also your own precious time to keep it running :).
The constraints are:
- Windows 10 Home & Pro Build 1803
- For the larger part, the settings needs to be able to be set through a GUI. I'll make some exceptions here and there (because there was never a GUI and its impact is rather important).
- Some settings can also be set by using a registry-key file (.reg). I will supply these files.
- Settings must be able to be set without using Group Policy Object (GPO), because that is not present (by default) on Windows 10 Home.
- Center for Internet Security (CIS) (https://www.cisecurity.org/)
- Group Policy Administrative Templates Catalog site (https://getadmx.com/)
- Ali Robertson with his/her Reclaim Windows script (https://gist.github.com/alirobe/7f3b34ad89a159e6daa1)
- Nessus Vulnerability Scanner
- Rapid7 Nexposed Community Edition
- And many other sources (bigger and smaller) found through the means of search.
And the following aspects of Windows 10 are addressed:
- Control Panel
- System and Security
- Cortana / Search
- Update & Security
- Update & Security - Windows Defender Security Center
- Xbox Game bar
- Encryption Cipher Suites
- Systems repair
And where possible, I have extracted the registry keys in order to set the settings in an automated fashion. In addition, I went through the entire CIS Benchmark for Windows Hardening and decided with every setting to follow suit or not.