Justin Hall 2019-04-09 11:21:31 -07:00
parent 49d7db2073
commit aa79a917f8
6 changed files with 45 additions and 47 deletions

View File

@ -4,11 +4,11 @@
### [Security Compliance Toolkit](security-compliance-toolkit-10.md)
### [Get support](get-support-for-security-baselines.md)
## [Windows SECCON framework](windows-security-configuration-framework.md)
### [SECCON 5 Enterprise Security](seccon-5-enterprise-security.md)
### [SECCON 4 Enterprise High Security](seccon-4-enterprise-high-security.md)
### [SECCON 3 Enterprise VIP Security](seccon-3-enterprise-vip-security.md)
### [SECCON 2 Enterprise Dev/Ops Workstation](seccon-2-enterprise-devops-security.md)
### [SECCON 1 Enterprise Administrator Workstation](seccon-1-enterprise-administrator-security.md)
### [Level 5 Enterprise Security](level-5-enterprise-security.md)
### [Level 4 Enterprise High Security](level-4-enterprise-high-security.md)
### [Level 3 Enterprise VIP Security](level-3-enterprise-vip-security.md)
### [Level 2 Enterprise Dev/Ops Workstation](level-2-enterprise-devops-security.md)
### [Level 1 Enterprise Administrator Workstation](level-1-enterprise-administrator-security.md)
##Windows Security Blog Posts
### [Sticking with Well-Known and Proven Solutions](windows-security-blog/sticking-with-well-known-and-proven-solutions.md)
### [Why Were Not Recommending "FIPS Mode" Anymore](windows-security-blog/why-were-not-recommending-fips-mode-anymore.md)
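Review bot: the parent entry `## [Windows SECCON framework](windows-security-configuration-framework.md)` keeps the old SECCON name while every child entry beneath it is renamed to "Level N", so the rename is incomplete in this hunk; retitle the parent (and the heading of the page it points to) in the same commit. Three smaller points in the same lines: the new child links target `level-N-*.md` files, but the rest of this commit shows only in-place content edits and no renames, so confirm those files actually exist under the new names or the TOC entries will 404; the TOC titles ("Level 2 Enterprise Dev/Ops Workstation", "Level 1 Enterprise Administrator Workstation") do not match the `title:` fields the other hunks set on those pages ("Level 2 enterprise dev/ops security configuration"), so pick one wording for both; and the context line `##Windows Security Blog Posts` lacks the space after `##` and will render as literal text rather than a heading (the entry below it, "Why Were Not Recommending", also looks like it lost the apostrophe in "We're").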

View File

@ -1,6 +1,6 @@
---
title: SECCON 1 enterprise administrator security
description: This article, and the articles it links to, describe how to use the Windows SECCON framework in your organization
title: Level 1 enterprise administrator security
description: Describes the policies, controls, and organizational behaviors for Windows security configuration framework level 1 enterprise administrator security configuration.
keywords: virtualization, security, malware
ms.prod: w10
ms.mktglfcycl: deploy
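Review bot: the new `description:` promises that the page "Describes the policies, controls, and organizational behaviors for ... level 1", but the body further down in this same file only says the guidance is coming soon, so the search snippet and the page contradict each other; either describe it as a placeholder ("Placeholder for the forthcoming level 1 ...") or hold the description change until the content lands. The level 2 file in this commit has the same mismatch.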
@ -14,7 +14,7 @@ ms.topic: conceptual
ms.date: 04/05/2018
---
# SECCON 1 security configuration for enterprise administrators
# Level 1 enterprise administrator security configuration
**Applies to**
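Review bot: `ms.date: 04/05/2018` is left as unchanged context while the title and body of this page change in a commit dated 2019-04-09, so either the year is a typo for 2019 or the date should be bumped along with the content; the same stale value appears in all five level files touched here.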
@ -22,6 +22,4 @@ ms.date: 04/05/2018
Administrators (particularly of identity or security systems) present the highest risk to the organizationthrough data theft, data alteration, or service disruption.
SECCON 1 guidance to help protect devices used by administrators is coming soon!
A level 1 configuration should include all the configurations from levels 5, 4, 3, and 2 and additional controls. We are planning recommendations for the additional controls now, so check back soon for level 1 enterprise administrator security configuration guidance!
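Review bot: the context line just above the changed sentence reads "organizationthrough data theft", with the separator between "organization" and "through" missing as rendered here; since this paragraph is being rewritten, fix it in the same pass. In the new sentence, "from levels 5, 4, 3, and 2 and additional controls" stacks two "and"s; "from levels 5, 4, 3, and 2, plus additional controls" reads more cleanly.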

View File

@ -1,6 +1,6 @@
---
title: SECCON 2 enterprise devops security
description: This article, and the articles it links to, describe how to use the Windows SECCON framework in your organization
title: Level 2 enterprise dev/ops security configuration
description: Describes the policies, controls, and organizational behaviors for Windows security configuration framework level 2 enterprise dev/ops security configuration.
keywords: virtualization, security, malware
ms.prod: w10
ms.mktglfcycl: deploy
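Review bot: the new `title:` says "Level 2 enterprise dev/ops security configuration" while the TOC entry added in this same commit says "Level 2 Enterprise Dev/Ops Workstation"; use one wording in both places, and check the level 1 pair ("Enterprise Administrator Workstation" vs "enterprise administrator security") for the same drift.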
@ -14,12 +14,14 @@ ms.topic: conceptual
ms.date: 04/05/2018
---
# Level 2 security configuration for enterprise dev/ops
# Level 2 enterprise dev/ops security configuration
**Applies to**
- Windows 10
We recommend this configuration for developers and testers, who are an attractive target both for supply chain attacks and access to servers and systems containing high value data or where critical business functions could be disrupted. SecCon 2 guidance is coming soon!
We recommend this configuration for developers and testers, who are an attractive target both for supply chain attacks and access to servers and systems containing high value data or where critical business functions could be disrupted. A level 2 configuration should include all the configurations from levels 5, 4, and 3 and additional controls. We are planning recommendations for the additional controls now, so check back soon for level 2 enterprise dev/ops security configuration guidance!
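Review bot: in the rewritten paragraph, "an attractive target both for supply chain attacks and access to servers" drops the second "for"; it should read "both for supply chain attacks and for access to servers and systems ...". Removing the inconsistently cased "SecCon 2" is the right call; keep "level 2" lowercase as it is here.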

View File

@ -1,6 +1,6 @@
---
title: SECCON 3 Enterprise VIP Security
description: This article, and the articles it links to, describe how to use the Windows SECCON framework in your organization
title: Level 3 enterprise VIP security configuration
description: Describes the policies, controls, and organizational behaviors for Windows security configuration framework level 3 enterprise VIP security configuration.
keywords: virtualization, security, malware
ms.prod: w10
ms.mktglfcycl: deploy
@ -14,20 +14,18 @@ ms.topic: conceptual
ms.date: 04/05/2018
---
# SECCON 3 security configuration for enterprise VIPs
# Level 3 enterprise VIP security configuration
**Applies to**
- Windows 10
- Windows Server 2016
- Office 2016
SECCON 3 is the security configuration recommended as a standard for organizations with large and sophisticated security organizations, or for specific users and groups who will be uniquely targeted by adversaries. Such organizations are typically targeted by well-funded and sophisticated adversaries, and as such merit the additional constraints and controls described here.
A SECCON 3 configuration should include all the configurations from SECCON 5 and SECCON 4 and add the following security controls.
Level 3 is the security configuration recommended as a standard for organizations with large and sophisticated security organizations, or for specific users and groups who will be uniquely targeted by adversaries. Such organizations are typically targeted by well-funded and sophisticated adversaries, and as such merit the additional constraints and controls described here.
A level 3 configuration should include all the configurations from level 5 and level 4 and add the following security policies, controls, and organizational behaviors.
## Policies
The policies enforced in SECCON 3 implement strict security configuration and controls. They can have a potentially significant impact to users or to applications, enforcing a level of security commensurate with the risks facing targeted organizations. Microsoft recommends disciplined testing and deployment using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates).
The policies enforced in level 3 implement strict security configuration and controls. They can have a potentially significant impact to users or to applications, enforcing a level of security commensurate with the risks facing targeted organizations. Microsoft recommends disciplined testing and deployment using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates).
### Security Template Policies
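Review bot: the `Applies to` list on this page (Windows 10, Windows Server 2016, Office 2016) is wider than the level 4 and level 5 pages in this commit, which list only Windows 10, yet the new sentence says a level 3 configuration "should include all the configurations from level 5 and level 4"; if the lower levels do not cover Server or Office, the inheritance claim does not hold for those platforms, so align the lists or qualify the sentence. Also, "recommended as a standard for organizations with large and sophisticated security organizations" repeats "organizations"; "for enterprises with large, sophisticated security organizations" avoids it.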
@ -115,7 +113,7 @@ The policies enforced in SECCON 3 implement strict security configuration and co
## Controls
The controls enforced in SECCON 3 implement complex security configuration and controls.
The controls enforced in level 3 implement complex security configuration and controls.
They are likely to have a higher impact to users or to applications,
enforcing a level of security commensurate with the risks facing the most targeted organizations.
Microsoft recommends using the Audit/Enforce methodology for controls with audit mode, and [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) for those that do
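Review bot: "The controls enforced in level 3 implement complex security configuration and controls" is circular (controls implementing controls); something like "The controls in level 3 add a more complex configuration with a higher compatibility risk" says what the reader needs. The "Audit/Enforce methodology" on the last line is named but, unlike the rings methodology, neither linked nor explained; a link, or one sentence on enabling a control in audit mode and reviewing the resulting events before switching to enforce, would make the recommendation actionable.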
@ -128,7 +126,7 @@ not.
## Behaviors
The behaviors recommended in SECCON 3 represent the most sophisticated security
The behaviors recommended in level 3 represent the most sophisticated security
configuration. Removing admin rights can be difficult, but it is essential to
achieve a level of security commensurate with the risks facing the most targeted
organizations.
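Review bot: "The behaviors recommended in level 3 represent the most sophisticated security configuration" will be wrong as soon as the level 2 and level 1 pages, which this commit describes as planned and as building on level 3, are published; say "the most sophisticated configuration currently documented" or drop the superlative.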

View File

@ -1,6 +1,6 @@
---
title: SECCON 4 Enterprise High Security
description: This article, and the articles it links to, describe how to use the Windows SECCON framework in your organization
title: Level 4 enterprise high security configuration
description: Describes the policies, controls, and organizational behaviors for Windows security configuration framework level 4 enterprise security configuration.
keywords: virtualization, security, malware
ms.prod: w10
ms.mktglfcycl: deploy
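Review bot: the new `description:` says "level 4 enterprise security configuration" while the `title:` directly above it (and the page heading) is "Level 4 enterprise high security configuration"; add "high" so the description does not read like the level 5 page's.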
@ -14,24 +14,24 @@ ms.topic: conceptual
ms.date: 04/05/2018
---
# SECCON 4 security configuration for enterprise high security
# Level 4 enterprise high security configuration
**Applies to**
- Windows 10
SECCON 4 is the security configuration recommended as a standard for devices where users access more sensitive information. These devices are a natural target in enterprises today. While targeting high levels of security, these recommendations do not assume a large staff of highly skilled security practitioners, and therefore should be accessible to most Enterprise organizations.
A SECCON 4 configuration should include all the configurations from SECCON 5 and add the following security controls.
Level 4 is the security configuration recommended as a standard for devices where users access more sensitive information. These devices are a natural target in enterprises today. While targeting high levels of security, these recommendations do not assume a large staff of highly skilled security practitioners, and therefore should be accessible to most enterprise organizations.
A level 4 configuration should include all the configurations from level 5 and add the following security policies, controls, and organizational behaviors.
## Policies
The policies enforced in SECCON 4 implement more controls and a more sophisticated security
configuration than SECCON 5. While they may have a slightly higher impact to
The policies enforced in level 4 implement more controls and a more sophisticated security
configuration than level 5. While they may have a slightly higher impact to
users or to applications, they enforce a level of security more commensurate
with the risks facing users with access to sensitive information. Microsoft
recommends using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) for these security configurations and
controls, with a moderate timeline that is anticipated to be slightly longer
than the process in SECCON 5.
than the process in level 5.
### Security Template Policies
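Review bot: "a slightly higher impact to users or to applications" should be "a slightly higher impact on users or applications"; the same construction recurs in the Controls section of this file and in the level 3 and level 5 pages, so fix it everywhere in one pass. The closing clause, "a moderate timeline that is anticipated to be slightly longer than the process in level 5", is repeated verbatim in the Controls section below; stating it once would be enough.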
@ -180,13 +180,13 @@ than the process in SECCON 5.
## Controls
The controls enforced in SECCON 4 implement more controls and a more sophisticated security
configuration than SECCON 5. While they may have a slightly higher impact to
The controls enforced in level 4 implement more controls and a more sophisticated security
configuration than level 5. While they may have a slightly higher impact to
users or to applications, they enforce a level of security more commensurate
with the risks facing users with access to sensitive information. Microsoft
recommends using the Audit/Enforce methodology for controls with an Audit mode,
and [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) for those that do not, with a moderate timeline that
is anticipated to be slightly longer than the process in SECCON 5.
is anticipated to be slightly longer than the process in level 5.
| Feature Set | Feature | Description |
|-------------------------------------------------------------|-------------------------------------------------------|----------------|
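Review bot: "The controls enforced in level 4 implement more controls and a more sophisticated security configuration than level 5" is circular, as on the level 3 page; "Level 4 adds controls beyond level 5 and a more sophisticated configuration" carries the same meaning. The rest of the paragraph duplicates the Policies paragraph above almost word for word (impact, rings methodology, timeline), so consider keeping only the Audit/Enforce sentence here, which is the one thing specific to controls.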
@ -196,7 +196,7 @@ is anticipated to be slightly longer than the process in SECCON 5.
## Behaviors
The behaviors recommended in SECCON 4 implement a more sophisticated security
The behaviors recommended in level 4 implement a more sophisticated security
process. While they may require a more sophisticated organization, they enforce
a level of security more commensurate with the risks facing users with access to
sensitive information.

View File

@ -1,6 +1,6 @@
---
title: SECCON 5 Enterprise Security
description: This article, and the articles it links to, describe how to use Windows security baselines in your organization
title: Level 5 enterprise security configuration
description: Describes the policies, controls, and organizational behaviors for Windows security configuration framework level 5 enterprise security configuration.
keywords: virtualization, security, malware
ms.prod: w10
ms.mktglfcycl: deploy
@ -14,18 +14,18 @@ ms.topic: conceptual
ms.date: 04/05/2018
---
# SECCON 5 security configuration for enterprise security
# Level 5 enterprise security configuration
**Applies to**
- Windows 10
SECCON 5 is the minimum security configuration for an enterprise device.
Microsoft recommends the following configuration for SECCON 5 devices.
Level 5 is the minimum security configuration for an enterprise device.
Microsoft recommends the following configuration for level 5 devices.
## Policies
The policies in SECCON 5 enforce a reasonable security level while minimizing the impact to users or to applications.
The policies in level 5 enforce a reasonable security level while minimizing the impact to users or to applications.
Microsoft recommends using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) for these security configurations and controls, noting that the timeline can generally be short given the limited potential impact of the security controls.
### Security Template Policies
@ -200,7 +200,7 @@ Microsoft recommends using [the rings methodology](https://docs.microsoft.com/wi
### LAPS
Download and install the [Microsoft Local Admin Password Solution](https://www.microsoft.com/download/details.aspx?id=46899).
Download and install the [Microsoft Local Admin Password Solution (LAPS)](https://www.microsoft.com/download/details.aspx?id=46899).
| Feature | Policy Setting | Policy Value | Description |
|---------|----------------------------------------|--------------|-------------------------------|
@ -225,18 +225,18 @@ Download and install the [Microsoft Local Admin Password Solution](https://www.m
## Controls
The controls enabled in SECCON 5 enforce a reasonable security level while minimizing the impact to users and applications.
The controls enabled in level 5 enforce a reasonable security level while minimizing the impact to users and applications.
| Feature | Config | Description |
|-----------------------------------|-------------------------------------|--------------------|
| [Windows Defender ATP EDR](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | Deployed to all devices | The Windows Defender ATP endpoint detection and response (EDR) provides actionable and near real-time detection of advanced attacks. EDR helps security analysts , and aggregates alerts with the same attack techniques or attributed to the same attacker into an an entity called an *incident*. An incident helps analysts prioritize alerts, collectively investigate the full scope of a breach, and respond to threats. Windows Defender ATP EDR is not expected to impact users or applications, and it can be deployed to all devices in a single step. |
| [Windows Defender Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard) | Enabled for all compatible hardware | Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets (TGTs), and credentials stored by applications as domain credentials. There is a small risk to application compatibility, as [applications will break](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-requirements#application-requirements) if they require NTLMv1, Kerberos DES encryption, Kerberos unconstrained delegation, or extracting the Keberos TGT. As such, Microsoft recommends deploying Credential Guard using the ring methodology. |
| [Windows Defender Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard) | Enabled for all compatible hardware | Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets (TGTs), and credentials stored by applications as domain credentials. There is a small risk to application compatibility, as [applications will break](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-requirements#application-requirements) if they require NTLMv1, Kerberos DES encryption, Kerberos unconstrained delegation, or extracting the Keberos TGT. As such, Microsoft recommends deploying Credential Guard using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates). |
| [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/) | Default browser | Microsoft Edge in Windows 10 provides better security than Internet Explorer 11 (IE11). While you may still need to leverage IE11 for compatibility with some sites, Microsoft recommends configuring Microsoft Edge as the default browser, and building an Enterprise Mode Site List to redirect to IE11 only for those sites that require it. Microsoft recommends leveraging either Windows Analytics or Enterprise Site Discovery to build the initial Enterprise Mode Site List, and then gradually deploying this configuration using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates). |
| [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview) | Enabled on compatible hardware | Windows Defender Application Guard uses a hardware isolation approach. If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated container, which is separate from the host operating system and enabled by Hyper-V. If the untrusted site turns out to be malicious, the isolated container protects the host PC, and the attacker can't get to your enterprise data. There is a small risk to application compatibility, as some applications may require interaction with the host PC but may not yet be on the list of trusted web sites for Application Guard. Microsoft recommends leveraging either Windows Analytics or Enterprise Site Discovery to build the initial Network Isolation Settings, and then gradually deploying this configuration using [the rings methodology](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates). |
## Behaviors
The behaviors recommended in SECCON 5 enforce a reasonable security level while minimizing the impact to users or to applications.
The behaviors recommended in level 5 enforce a reasonable security level while minimizing the impact to users or to applications.
| Feature | Config | Description |
|---------|-------------------|-------------|
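Review bot: the rewritten Credential Guard row still carries the typo "Keberos TGT" (Kerberos) near its end, and "Pass-The-Ticket" is capitalised differently from "Pass-the-Hash" a few words earlier; since the line is being touched anyway, fix both. The unchanged EDR row above it has a broken clause, "EDR helps security analysts , and aggregates alerts" (the object of "helps" is missing and there is a stray space before the comma), and "into an an entity" doubles "an"; both are worth fixing in the same pass.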