Securing Windows 10 – Part One “Least Privilege”

Recent events have put a spotlight on IT security threats, not only for companies, which usually pay closer attention to these topics, but also for end users. The rapid increase in ransomware attacks has started to reach personal data as well, with users losing their personal memories or business projects stored on their home devices. Modern times require what is called a “Security by Design” approach, considering that cybercrime will cost more than 6 trillion in damages by the end of 2021. So I decided to write a series of posts on securing Windows 10 devices, to help everybody mitigate IT risk.

The first of the articles is based on a well-known principle of cybersecurity, the least privilege principle. Let’s dig a little deeper to understand what this principle is. On our home/office devices we have two types of users: standard users and privileged access users. A standard user can perform normal day-to-day operations. Generally speaking, they can use software and services that are already installed on the computer, but they cannot alter the system, install new software, or change the configuration of the machine. A privileged account is the kind of account that can alter the machine: installing new software, changing the configuration, etc.

In a normal company, let’s say 90% of users work with standard user accounts, because privileged access is not required to perform their operations.

The use of privileged accounts is left to system administrators and network administrators, who look after users’ security and maintenance. But when it comes to home users, especially now with the need for smart working due to Covid-19, nobody takes care of their security, and this can represent a threat to both home and company devices. When a home user sets up a home computer, they don’t pay attention to what kind of account they are using and normally perform all operations with the first user they created, a privileged one. But if you surf the internet or insert a USB key while using a privileged account and malware enters the system, it can modify and damage the system itself, whereas something like 70% of threats, if they enter the system in a standard profile session, will not be able to damage or modify it. So let’s see how to secure, or harden (hardening is the act of securing a device), our home device by creating and using a standard account for day-to-day operations (surfing the internet, composing emails, creating documents, etc.).

  • Click on the Windows “Start” Icon
  • Scroll down to the “Windows Settings” icon and click it to expand
  • Click on Accounts
  • Click on “Other users”, then on “Add someone else to this PC”
  • Select “I don’t have this person’s sign-in information”, then in the following window choose “Add a user without a Microsoft account”
  • Create a username, choose a password and 3 security questions and answers, click Next and we are done.

By default the newly created user will be a standard user, which we will use from now on for all our day-to-day operations, whereas when we need to maintain our PC we will use the privileged account.
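The same result can be reached and checked from an elevated PowerShell prompt. The script below is an added example, not part of the original post: it lists who is currently an administrator on the PC, creates a standard local account and confirms that the account is not privileged. The account name `dailyuser` is a hypothetical placeholder, and the script does not set the three security questions the Settings dialog asks for.

```powershell
#Requires -RunAsAdministrator
# Added example: create a standard local account for daily use and verify it.
# 'dailyuser' is a hypothetical name chosen for illustration; change it as needed.
$UserName = 'dailyuser'

# Well-known SIDs identify the built-in groups whatever the Windows display language.
$AdminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators
$UsersSid  = 'S-1-5-32-545'   # BUILTIN\Users

# 1. Show which accounts are privileged on this PC right now.
Write-Host 'Current members of the Administrators group:'
Get-LocalGroupMember -SID $AdminsSid |
    Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize

# 2. Create the account only if it does not exist yet.
if (-not (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue)) {
    # Prompt for the password so it never appears in the script or in history.
    $Password = Read-Host -Prompt "Password for $UserName" -AsSecureString
    New-LocalUser -Name $UserName -Password $Password `
        -Description 'Standard account for day-to-day use' | Out-Null

    # Unlike the Settings dialog, New-LocalUser adds the account to no group.
    # Membership of Users (and only Users) is what makes it a standard user.
    Add-LocalGroupMember -SID $UsersSid -Member $UserName
}

# 3. Verify: the new account's SID must not appear among the administrators.
$UserSid   = (Get-LocalUser -Name $UserName).SID.Value
$AdminSids = (Get-LocalGroupMember -SID $AdminsSid).SID.Value

if ($AdminSids -contains $UserSid) {
    Write-Warning "$UserName is a member of Administrators; it is NOT a standard account."
} else {
    Write-Host "$UserName is a standard account (not in Administrators)."
}
```

Step 1 is worth running on its own on any home PC: every account it lists can change the system, so the account used for browsing and email should not be among them.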
