- Windows 10 for Enterprise Administrators
- Jeff Stokes Manuel Singer Richard Diver
- 358字
- 2021-07-02 18:20:09
Security mitigation
For the significance of Windows 10's security focus, one simply needs to look at the news. It seems every day that another story emerges of a company or organization that has had ransomware installed and then been blackmailed into paying for an encryption key to regain access to their own data. A review of the work needed to protect from these types of attacks is worth the time.
One company, Third Tier, even has a kit they offer to help prevent this sort of intrusion on your network. From the Third Tier ransomware prevention kit site, http://www.thirdtier.net/ransomware-prevention-kit/, you can see that the package makes many modifications and recommendations, including group policies, WMI filtering, software restriction policies, blocking of known attack vectors, backups, recovery methods, and even training materials to teach users to be more security aware.
Even if you choose not to use it, it is a great checklist of have I thought of... when it comes to risk mitigation. In an age where antivirus products cannot protect against everything, especially social engineering attacks on end users, it behooves administrators to protect users from themselves in the best interest of the company.
Additionally, software products working in tandem with antivirus solutions, such as data loss prevention (DLP) software or even intrusion detection software/systems (IDS) can be used to protect organizations and their data from accidental or even intentional theft by third parties or rogue employees. The typical goal of an organization is to prevent their data from ending up on Wikileaks, so any steps that can be taken toward that end are a good target for the enterprise administrator.
While prevention is all well and good, what about the aftermath of a detected intrusion? Are you prepared for that scenario? More so, is your security team prepared? Forensics tools, Windows log configuration, and subsequent auditing can go a long way toward answering the questions of what happened, how it happened, and what we lost.
With Windows 10, suffice it to say that Microsoft has made many improvements on preventing attacks from occurring. These are discussed in depth in Chapter 8, Windows 10 Security.