aidarrow-end-inversearrow-endarrow-left-angulararrow-left-angularWhy choose AvectoAchieve complianceOperational efficiencycompliancedefendpoint-coloureddefendpoint-thin-2DesktopScaleResources.iconsAsset 21insider-threatsavecto-logo-smallquotation-marksransomwareArticleUse caseWebinarResources.iconssafePrevent attacksAsset 19social-engineeringTrustedtriangleStop insider attacksAsset 20Resources.iconsResources.iconszero-days


Guide to defense in depth: The hidden flaws in Windows

Page 02 Download the eBook

The hidden flaws in Windows

Windows' security subsystem works like an onion model, with many different layers. We can't forget the most important layer of educating users and having good written instructions, training and security policies - as social engineering is still the most difficult form of attack to protect against.

All other layers can be technically hardened and configured for different levels of security though - it's the human factor which remains mostly out of our control.

The foundation of Windows’ security subsystem relies on a few basic rules:

01 Administrative users cannot be controlled by design and therefore all other security measures will be vulnerable if a user has administrative access to his or her operating system

02 You cannot build a secure Windows-installation without restricted physical access or hard drive encryption

These are the strongest laws of security for Windows so we'll start with these two topics and the dive into other solutions that can be implemented if these are taken care of properly.

For a laptop computer without tight physical security, you need to have both of the above in place as the lack of hard drive encryption actually leads to a situation where administrative access to a box can be achieved with a single command - as I've presented in numerous different conferences.