Microsoft revealed a brand new security configuration framework for Windows 10 units that it calls SECCON framework in April 2019. The new framework enhances the Windows security baselines that Microsoft publishes for every new launch of Windows.
SECCON framework configurations are designed particularly for organizations that do not implement the revealed security baselines.
The new framework organizes units into productiveness and privileged entry units, and offers security configurations for every based mostly on the classification. The configurations supply generic suggestions that aren’t particular to sure environments.
The first three ranges recommend insurance policies for productiveness units, the final two for privileged entry workstations
- Level 5: Enterprise security — Minimum security configuration for Enterprise units.
- Level four: Enterprise high security — Security configuration for units the place customers entry delicate or confidential info.
- Level three: Enterprise VIP security — Configuration for organizations with a “bigger or extra subtle security workforce” or high-risk customers.
- Level 2: DevOps workstation — Configuration for testers and builders who could also be focused particularly.
- Level 1: Administrator workstation — Security configuration for the highest danger class.
Security configurations could also be extra restrictive in the decrease ranges due to danger ranges related to every system sort.
Recommendations for every degree are divided into the three classes insurance policies, controls, and behaviors.
Policies recommend configuring sure security insurance policies on units comparable to imposing a minimal password size, password complexity necessities, disabling visitor accounts, sure firewall guidelines, or limiting sure rights to particular consumer teams.
Policies are divided into a number of classes comparable to security template, superior audit, Windows Defender Firewall, or Computer.
The Controls group suggests the use of sure security options or functions; Level 5 controls recommend to configure sure Windows Defender options comparable to Credential Guard or Application Guard, and to make Microsoft Edge and never Internet Explorer the default browser.
Behaviors outline security processes comparable to putting in security updates in a sure variety of days after launch or eradicating as many customers as potential from the administrator group.
Enterprise prospects are the predominant goal for SECCON framework security suggestions however house customers and small companies could use the offered info and proposals as effectively to safe units. (through ZDNet)