The Federal Office for Information Security (BSI) has published recommendations for action to secure Windows systems in German and English as part of the “Study on system structure, logging, hardening and security functions in Windows 10” (SiSyPHuS Win10).
Most successful attacks on IT systems running Microsoft Windows 10 can already be detected or prevented with the on-board tools of the operating system. To make the necessary configuration of the operating system easier, the Federal Office for Information Security (BSI) has published recommendations for action to secure Windows systems, in German and in English, as part of the "Study on system structure, logging, hardening and security functions in Windows 10" (SiSyPHuS Win10). One focus during their creation was simple implementation and practical application. The BSI therefore provides the recommended configuration settings as Group Policy Objects (GPOs) that can be imported directly into Windows, a service that is fast and secure.
Recommendations as importable GPOs
“As the federal cyber security authority, it is the task of the BSI to always think about digitization and information security together. We support users in government, business and society in using IT products and software safely. More than a third of computer users worldwide use Windows 10, and the trend is rising. That is why we put the operating system through its paces and derive specific recommendations from it that we can use to make digitization more secure,” explains Arne Schönbohm, President of the BSI.
This publication is part of a comprehensive security analysis in which the BSI examines the security-critical functions of the operating system. The aim is to be able to evaluate the security and residual risks for the use of Windows 10, to identify framework conditions for a safe use of the operating system and to create practical recommendations for hardening and safe use of Windows 10.
Recommendations are aimed at authorities and companies
The recommendations from SiSyPHuS Win10 are primarily aimed at federal and state authorities as well as at companies. Tech-savvy citizens can also implement the recommendations, depending on the Windows 10 version used.
The subject of investigation is Windows 10 Enterprise LTSC 2019 64-bit in German. The analyses already completed on the basis of LTSC version 1607 are being compared with the current LTSC version and updated to the new operating system version.
The recommendations for the security functions, the GPOs and other published partial results of the study are available on the BSI website. The BSI will successively publish further results from other sub-areas of the study. The analyses cover components such as PowerShell, the “Application Compatibility Infrastructure”, driver management and PatchGuard.
More at BSI.bund.de