Operating system security

Application sideloading in Windows 10

February 22, 2021 by Kurt Ellzey

Application Sideloading

Windows 10 security is a constantly evolving and updating process. Data security in Windows 10 starts with strong encryption, using BitLocker. Access is restricted by putting data in small compartments or sections. These sections prevent data from reaching users who aren't supposed to have it. Windows 10 uses the security configuration framework called SECCON. This framework has five levels. Level 1 is the Administrator Workstation and, as such, incurs the most attacks. Level 2 is the DevOps Workstation, which is meant for developers. Levels 3-5 are increasingly strict security configurations that are meant for enterprise organizations.

Windows 10 security offers features improved over previous versions as well as some new ones. These features include: Microsoft BitLocker, new Windows Defender features, Windows Defender SmartScreen, Windows Defender Application Guard, Windows Defender Device Guard, Windows Defender Credential Guard, the Windows 10 feature release version 1903 changes, Windows Sandbox, Windows Update, and better security baselines.

BitLocker and Applications

Microsoft BitLocker isn't new, but it provides encryption for the full drive. It's available on Windows Enterprise and Pro editions. Though it isn't new, it does offer new intrusion-prevention-class capabilities. Windows Defender is the anti-virus and anti-malware software included on all Microsoft Windows products. Windows Defender SmartScreen adds more phishing and malware protection: it immediately blocks sites that are known to be hazardous. Windows Defender Application Guard protects the Microsoft Edge web browser from threats and attacks. It also has a whitelist of trusted sites, making sure those are accessed with greater ease, and it opens non-trusted sites within an isolated container, much as a sandbox is used for executables. Windows Defender Device Guard is made to frustrate cyber attackers by moving from a mode where applications on a whitelist are used to a mode where only enterprise-trusted applications and drivers can be used. In addition, Device Guard adds protection for legacy applications so that they may still be used. Windows Defender Credential Guard uses virtualization to provide security: it isolates credentials so that only approved software can use them. Windows Sandbox is available for Windows 10 Enterprise and Pro. It provides a separate test space to run executables without threat of harm to the system. Windows 10 increased the security baseline; with the 1903 update, it enabled svchost.exe.

Data Security

Data security in Windows 10 includes Microsoft Azure Information Protection. Azure protects information by making classifications smaller and more granular, by controlling how sensitive information is shared, and by granting permissions for advanced needs. Local user account authentication, which would include picture passwords and traditional logins, is replaced with Windows Hello. Windows Hello starts with two-factor verification. From there the user can choose a gesture. Gestures include facial recognition, fingerprint and other biometrics, in addition to a PIN. Cloud-based authentication is also available. Hardening is an important step in securing a Windows 10 host. It limits the vulnerabilities an attacker could exploit. It also helps direct the user to set up the computer the way they would like, instead of staying with the defaults. The first step is to install Windows 10 fresh from a USB drive. Then all extra programs are removed. BitLocker then encrypts the drive. Updates are then run. After that, setting group policies is the logical next step; it is especially important for large organizations.

Group Policy

Local Group Policy keeps users isolated in their own space so they can't affect the network. To begin this process, the Group Policy Management Editor needs to be opened. From there, Control Panel access can be limited. Storage of LAN Manager password hashes can then be prevented. Access to the command prompt is then limited. In addition, forced system restarts are blocked. Removable drives are banned, followed by disabling the guest account. Installing software is limited. Then passwords are required to be longer and changed more often. Then anonymous SID enumeration is disabled. At that point a secure network Group Policy Object (GPO) can be set for everyone.
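As an added example (not the article's own code), the PowerShell audit below reads the local state of the hardening steps from the Data Security section (BitLocker on the system drive) and the Group Policy settings listed above, and reports which ones already hold the hardened value. The registry paths are the standard policy locations for those settings; the password thresholds (14 characters, 90 days) are assumed values because the article gives none. It assumes an elevated Windows PowerShell 5.1 session on a Windows 10 Pro or Enterprise host with the BitLocker module present.

```powershell
# Added audit script, not from the article: report the current state of the
# hardening and Group Policy settings the article describes. Read-only.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # absent value means the policy is "Not Configured"
}

# Policy registry locations for the settings listed in the Group Policy section.
$checks = @(
    @{ Name = 'No LM hash storage';           Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa';                         Value = 'NoLMHash';                      Expected = 1 },
    @{ Name = 'No anonymous SAM/SID enum';    Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa';                         Value = 'RestrictAnonymousSAM';          Expected = 1 },
    @{ Name = 'No forced restart with users'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';         Value = 'NoAutoRebootWithLoggedOnUsers'; Expected = 1 },
    @{ Name = 'Removable storage denied';     Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices';  Value = 'Deny_All';                      Expected = 1 },
    @{ Name = 'Installer limited (non-managed)'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer';             Value = 'DisableMSI';                    Expected = 1 },  # 2 = always disabled
    @{ Name = 'Control Panel hidden (user)';  Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';  Value = 'NoControlPanel';                Expected = 1 },
    @{ Name = 'Command prompt blocked (user)';Path = 'HKCU:\Software\Policies\Microsoft\Windows\System';                   Value = 'DisableCMD';                    Expected = 2 }   # 2 = prompt blocked, scripts allowed
)

$report = foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Value
    [pscustomobject]@{
        Setting  = $c.Name
        Expected = $c.Expected
        Actual   = if ($null -eq $actual) { 'Not configured' } else { $actual }
        Pass     = ($actual -eq $c.Expected)
    }
}

# Guest account: disabled (or absent) passes.
$guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
$report += [pscustomobject]@{ Setting = 'Guest account disabled'; Expected = $true; Actual = (-not $guest.Enabled); Pass = (-not $guest.Enabled) }

# BitLocker on the system drive (hardening step from the Data Security section).
$bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$report += [pscustomobject]@{ Setting = 'System drive BitLocker on'; Expected = 'On'; Actual = $bl.ProtectionStatus; Pass = ($bl.ProtectionStatus -eq 'On') }

# Password policy from "net accounts"; 14 chars / 90 days are assumed thresholds.
$net    = net accounts
$minLen = [int](($net | Select-String 'Minimum password length').Line -replace '\D', '')
$ageLine = ($net | Select-String 'Maximum password age').Line
$maxAge = if ($ageLine -match '(\d+)\s*$') { [int]$Matches[1] } else { [int]::MaxValue }  # "Unlimited" never passes
$report += [pscustomobject]@{ Setting = 'Min password length >= 14'; Expected = 14; Actual = $minLen; Pass = ($minLen -ge 14) }
$report += [pscustomobject]@{ Setting = 'Max password age <= 90 days'; Expected = 90; Actual = $maxAge; Pass = ($maxAge -le 90) }

$report | Format-Table -AutoSize
```

The HKCU checks reflect the user running the script; settings pushed by a domain GPO show up in these same keys once the policy has applied.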

Conclusion

A few additional Windows 10 security measures can be applied for wireless networks. Some organizations could adopt the 802.1x standard, which requires access control rather than other credentials. The DirectAccess feature could be used for greater security. The best option, when a wireless network is untrusted, is a Virtual Private Network (VPN).



Kurt Ellzey has worked in IT for the past 12 years, with a specialization in Information Security. During that time, he has covered a broad swath of IT tasks from system administration to application development and beyond. He has contributed to a book published in 2013 entitled "Security 3.0" which is currently available on Amazon and other retailers.