How to secure Windows 10 -- Microsoft reveals SECCON framework to protect systems
Based on the DEFCON levels, Microsoft has unveiled the SECCON framework -- a series of guides for securing a range of Windows 10 configurations in different environments.
Starting with an "Administrator workstation" at level 1 and building up to "Enterprise security" at level 5, the framework is Microsoft's attempt to simplify and standardize security. While it is not a one-size-fits-all solution, the company says it is "defining discrete prescriptive Windows 10 security configurations to meet many of the common device scenarios we see today in the enterprise".
See also:
- Google now lets you use your Android phone as a 2SV security key
- April's Patch Tuesday updates are causing Windows to freeze
- Microsoft releases cumulative update for the Windows 10 May 2019 Update
Chris Jackson, principal program manager, says: "In the past, we left defining the security configuration for Windows 10 as a task for every customer to sort out. As a result, we saw as many different configurations as we saw customers. Standardization has many advantages, so we developed a security configuration framework to help simplify security configuration while still allowing enough flexibility to allow you to balance security, productivity, and user experience".
The five levels were developed by Microsoft after working with a select group of pilot customers, experts from Microsoft’s engineering team, and the Microsoft sales field. The levels are described as:
- 5. Enterprise security -- We recommend this configuration as the minimum-security configuration for an enterprise device. Recommendations for this security configuration level are generally straightforward and are designed to be deployable within 30 days.
- 4. Enterprise high security -- We recommend this configuration for devices where users access sensitive or confidential information. Some of the controls may have an impact to app compatibility, and therefore will often go through an audit-configure-enforce workflow. Recommendations for this level are generally accessible to most organizations and are designed to be deployable within 90 days.
- 3. Enterprise VIP security -- We recommend this configuration for devices run by an organization with a larger or more sophisticated security team, or for specific users or groups who are at uniquely high risk (for example, one organization identified users who handle data whose theft would directly and seriously impact their stock price). An organization likely to be targeted by well-funded and sophisticated adversaries should aspire to this configuration. Recommendations for this security configuration level can be complex (for example, removing local admin rights for some organizations can be a long project in and of itself) and can often go beyond 90 days.
- 2. DevOps workstation -- We recommend this configuration for developers and testers, who are an attractive target both for supply chain attacks and credential theft attacks that attempt to gain access to servers and systems containing high-value data or where critical business functions could be disrupted. We are still developing this guidance, and will make another announcement as soon as it is ready.
- 1. Administrator workstation -- Administrators (particularly of identity or security systems) face the highest risk, through data theft, data alteration, or service disruption. We are still developing this guidance, and will make another announcement as soon as it is ready.
A draft version of security configuration framework documentation can be found here and Microsoft is looking for feedback from users about it.