Configuring a Windows computer from the ground up for security and stability – Part 2: Into The Breach

1.) Update Windows 10

In Start > Settings > Update, continue updating and rebooting Windows until there’s nothing left. I usually wait until this is done before I start installing stuff.

2.) Set UAC to full

Listen to me. UAC is a critical security control that has vast impacts you can’t see. It is not computer bubblewrap. It exists for very important reasons. You aren’t cool for turning it off.

Follow these instructions to set UAC to the highest option, “Always notify me.” Anything less allows any malware to instantly elevate to administrator level permissions. UAC isn’t magic, but it’s a layer you want to use.

3.) Enable Drive Encryption

If you have Windows 10 Home:

Start > Settings > System > About
Look for the “Device encryption” setting at the bottom of the About pane. If it’s not there, your computer does not support the limited encryption feature that Home supports. You should upgrade to Windows 10 Pro or set a HDD password in your BIOS if your computer supports it. Depending on model of drive, HDD password will provide less protection than BitLocker.

If you have Windows 10 Pro:

Right-click on Start > Control Panel > BitLocker Drive Encryption > Turn on BitLocker

Or why not use Veracrypt?

With SecureBoot, before your computer boots to Windows it verifies the OS hasn’t been corrupted with a bootkit that modifies Windows that lets a virus run hidden. 3rd party encryption tools break this chain of trust that flows from UEFI to Windows bootloader to BitLocker. This chain of trust is critical for preventing an entire category of attack against Windows. This is not theoretical, this stops real-life attacks.

For more info visit http://www.cans.scot

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s