Windows 10 Hardening Techniques

Introduction

Hardening an operating system (OS) is one of the most important steps toward sound information security. As operating systems evolve over time and add more features and capabilities, hardening needs to be adjusted to keep up with changes in OS technology. 

Windows 10 comes stacked with an array of features, apps and software that need to be properly configured to ensure the system is as hardened as possible. This article will detail the top Windows 10 hardening techniques, from installation settings to Windows updates and everything in between.

What is hardening?

Hardening refers to reducing the attack surface available to attackers. It is based on the principle of least privilege: configure a computer system to do only what you normally need it to do and nothing more.

Hardening is an integral part of information security, which comprises the principles of deter, deny, delay and detect; hardening covers the first three.

Secure installation

It is strongly recommended that Windows 10 be installed fresh on a system. Previously used systems may have malware, spyware and who knows what else from web browsing, and pre-installed systems may contain an absurd amount of bloatware. Create or locate suitable installation media for your Windows 10 system (a trusted USB drive, preferably). Make sure to turn off your system’s wireless internet and unplug its Ethernet connection.

Clean up unwanted programs

Even in fresh installations of Windows 10, a system likely has unnecessary programs installed. These programs expand the attack surface and become potential points of entry for attackers. Installed programs should be reviewed and the unneeded ones removed. Verify that all installed programs are legitimate and not pirated software, which could be filled with bloat and malware.
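
One way to carry out the review described above, as an added example that is not part of the original article: it inventories classic and Store programs and flags anything outside a baseline or without a publisher. The $Approved allowlist, its entries and the CSV file name are hypothetical and should be replaced with your own.

```powershell
# Added example: inventory installed programs for review. Run from an elevated
# PowerShell session, since Get-AppxPackage -AllUsers requires administrator rights.
# $Approved is a hypothetical allowlist of name patterns; substitute your own baseline.
$Approved = @('Microsoft Edge*', 'Microsoft Visual C++*', 'Microsoft.WindowsCalculator')

# Classic (Win32/MSI) programs register themselves under these Uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$win32 = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
    ForEach-Object {
        [pscustomobject]@{
            Source = 'Win32'; Name = $_.DisplayName
            Publisher = $_.Publisher; Version = $_.DisplayVersion
        }
    }

# Store (Appx) packages; frameworks are shared runtimes, not user-facing apps.
$appx = Get-AppxPackage -AllUsers |
    Where-Object { -not $_.IsFramework } |
    ForEach-Object {
        [pscustomobject]@{
            Source = 'Appx'; Name = $_.Name
            Publisher = $_.Publisher; Version = [string]$_.Version
        }
    }

# True when the program name matches any pattern in the allowlist.
function Test-Approved {
    param([string]$Name)
    foreach ($pattern in $Approved) {
        if ($Name -like $pattern) { return $true }
    }
    return $false
}

# Flag entries that are outside the baseline or carry no publisher string.
$review = (@($win32) + @($appx)) |
    Sort-Object Source, Name, Version -Unique |
    Select-Object Source, Name, Publisher, Version,
        @{ Name = 'NotInBaseline'; Expression = { -not (Test-Approved $_.Name) } },
        @{ Name = 'NoPublisher';   Expression = { [string]::IsNullOrWhiteSpace($_.Publisher) } }

$review | Where-Object { $_.NotInBaseline -or $_.NoPublisher } | Format-Table -AutoSize
$review | Export-Csv -Path "$env:USERPROFILE\installed-programs.csv" -NoTypeInformation
```

The script only reports; removal stays a manual decision made after checking each flagged entry.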

Encryption

Hard drives should be encrypted. Windows 10 comes with BitLocker as (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/I7NXCWVqP1c/