Securing Windows 10 Hosts

Introduction

Windows 10 is popular, but success has made the operating system a target for hackers and malicious coders. While Windows 10 has been focused on security since its release, Microsoft is continually working to make Windows 10 more secure for users. 

Not every user has the same security needs, but every Windows 10 host requires minimum security. Windows 10 starts secure at a basic level, then gives users the option to make nearly every aspect of their system as secure as it can be. 

Here is an overview of the ways Windows 10 can be configured to create secure environments for Windows 10 hosts.

Data security in Windows 10

Windows 10 data security begins with military-grade encryption called BitLocker which protects sensitive information and prevents unauthorized access. Data is then put into discrete sections, which prevents data leak to unauthorized users, websites, software and apps. Azure Information Protection then works with Windows Information Protection to add more granular classifications, share sensitive information and assign advanced permissions. 

Windows 10 authentication mechanisms

Windows 10 offers local user account authentication using traditional credentials or picture passwords, but Windows Hello is replacing the traditional login. Windows Hello begins with a two-factor verification during enrollment. From there, Microsoft has users set up a gesture — which can be biometric, a fingerprint or facial recognition or a PIN.

Beyond local user credentials, Microsoft allows authentication with a user’s Microsoft account credentials, an Active Directory Account or a Microsoft Azure Directory (Azure AD) account, which the cloud-based authentication service used for Microsoft 365 and Office 365 subscriber accounts. 

Windows 10 hardening techniques

Hardening deters, denies and delays attacks on a Windows 10 host by reducing vulnerabilities and configuring the system to function exactly as the user needs rather than remain in default (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Kurt Ellzey. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/yRMy5jfvhgE/