Operating system security

Introduction to Windows 10 Security

Greg Belding
October 9, 2019 by
Greg Belding

Introduction

Information security is becoming stronger, tighter and more effective. Microsoft is following this consumer trend, offering improved security within its Windows 10 operating system. 

This article will detail the current security functionality offered by Windows 10 and will introduce the new security configuration framework SECCON, Microsoft BitLocker and a slew of notable Windows Defender features including SmartScreen, Application Guard, Device Guard, Exploit Guard and Credential Guard, as well as a look at the new changes to Windows 10 security introduced in the 1903 feature release.

New security configuration framework

The most notable Windows 10 security feature is the new security configuration framework that Microsoft called SECCON (which is a play on the United States Department of Defense’s defense readiness condition DEFCON framework). 

Like DEFCON, SECCON uses five levels of readiness — ranging from the strictest security measures in Level 1 and regular security measures in Level 5. Below is a summary of each of these levels of cyberdefense readiness.

  • Level 1: Administrator Workstation: Considered one of the most privileged access workstation levels along with Level 2, Level 1 faces the highest risk of data theft, alteration and service interruption
  • Level 2: DevOps Workstation: Intended for developers and testers, this level is a target for credential theft attacks and supply chain attacks looking for access to systems and servers with high-value sensitive information
  • Level 3: Enterprise VIP Security: Recommended for organizations with a sophisticated or large security team or organization users that face a uniquely high security risk. Security configurations for this level are complex and recommendations can take longer to fully implement than other levels (sometimes over 90 days)
  • Level 4: Enterprise High Security: Intended for users with access to sensitive information. Controls may impact on app compatibility and will often need to use an audit-configure-enforce workflow when configuring. Most organizations will find these recommendations accessible and are generally deployable within 90 days
  • Level 5: Enterprise Security: The minimum-security configuration with straightforward recommendations that are deployable within 30 days

Windows 10 security features

A new security configuration framework is just the start. Windows 10 offers many improved security features over previous versions of Windows and some are new. 

Microsoft BitLocker

Microsoft BitLocker is a throwback from previous versions of Windows. This native, full-drive encryption solution is available on Windows Pro and Windows Enterprise. Window 10’s BitLocker offers a new class of intrusion prevention capabilities which is an improvement over previous versions.

New Windows Defender features

Windows’ in-built antivirus and anti-malware solution, Windows Defender is not lacking for changes in Windows 10.

Windows Defender SmartScreen

This feature composes one of many layers phishing and malware defense. Using what is called “block at first sight,” Windows Defender SmartScreen has the ability to block sites that are notorious for phishing and containing malware.

Windows Defender Application Guard

This feature is intended to protect the Microsoft Edge web browser application from advanced targeted attacks. It uses whitelisting to allow free browsing of trusted sites. 

When a site is not trusted, Windows Defender Application Guard will open the site in an isolated container. The result is similar to launching an untrusted executable in a sandbox, where valuable system and network resources are shielded from attacker activity if the site turns out to be malicious. 

Windows Defender Device Guard

This feature uses driver- and application-based whitelisting to move from a mode where drivers and applications are trusted unless blocked by AV to a mode where Windows 10 trusts only enterprise-trusted drivers and applications. This is meant to frustrate attackers that focus on attacking or installing new device drivers and applications.

This feature offers exploit protection, network protection, rules for attack surface reduction and controlled folder access. Windows Defender Exploit Guard also provides solid protection of legacy applications with arbitrary code guard, blocking untrusted fonts, low-integrity images and exporting address filtering.

Windows Defender Credential Guard

Relying on virtualization-based security, this feature isolates credentials and only allows privileged system software access to them. This allows for enhanced protection from persistent threats and even some increased hardware protection.

Windows 10 feature release version 1903 changes

Windows 10 version 1903 offers some notable changes.

Windows Sandbox

Most security-minded professionals prefer to have a good test environment to run untrusted executables and other programs in if resources allow. Microsoft responded to this desire and allows for an insulated environment on a Windows 10 PC, thereby removing the need for an expensive test environment (like a dedicated server). This feature is only available on Windows 10 Pro and Enterprise Insider with the following requirements:

  • AMD64 architecture
  • Virtualization enabled
  • 8GB of recommended RAM
  • Two CPU cores minimum

Windows Update

Windows Update has gotten a facelift in version 1903 with some enhanced user capabilities. Most notable of these changes is better user control over updates, including being able to pause any update as the user sees fit.

Better security baselines

Microsoft recommends that Windows 10 users tighten up their security baseline by enabling svchost.exe, starting in the 1903 release. This will enforce stricter Windows 10 security and will ultimately make your Windows 10 unlock its security potential.

Conclusion

Windows 10 offers some notable security improvements over previous Windows rollouts. These changes generally follow the increased desire of its users to have not only stronger security measures but more user control. Even home version users will see some of these changes trickle down to them, including the useful new ability to pause any updates.

Sources

  1. 7 Windows 10 security features that could help prevent cyberattacks against your business, TechRepublic
  2. Introducing the security configuration framework: A prioritized guide to hardening Windows 10, Microsoft
  3. Best new Windows 10 security features: Windows Sandbox, more update options, CSO
Posted: October 9, 2019
Greg Belding
Greg Belding
View Profile

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.

In this Series

Related Bootcamps
Boot Camps – Sidebar Bottom B
Get certified and advance your career
  • Exam Pass Guarantee
  • Live instruction
  • CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
View Certifications

Operating system security

Comparing Linux+ and RHCSA/RHCE operating system security certifications

Operating system security

Android security: Everything you need to know [Updated 2021]

Operating system security

Application sideloading in Windows 10

Operating system security

Web Browser Security in Windows 10