In today's lesson, we're gonna talk about Windows' built-in security controls. We're gonna discuss the many features that Windows has for security. There's a lot of them, but we're gonna – I'm gonna explain how users can use them. I'm gonna explain how enterprises can use them and system administrators can use them as well. And we're gonna discuss how that technology can affect or might not affect the user, overall user experience.

The first technology Windows has built in is Windows Defender. It's Windows' anti-virus. It's configurable by both the system administrator and the end user. The system administrator can run scans from the server, or the user can run their own scans. Administrators can put controls on them so that it's always scanning certain files or not scanning certain files, and so can end users. In Windows 10, we've seen the Defender actually become more robust. We're now looking at cloud services and they're feeding information into Windows Defender to make it better. For user experience, users don't generally know what's running. It has been really streamlined in the past several years for performance. However, depending on the operating system, let's say that you don't use Windows 10, you use Windows 7 or Windows 8. You're not going to get the same experience and, in fact, Microsoft has actually said before that their Defender technology is only the baseline of security – it doesn't cover everything. So you may want other security controls in place to protect your Windows environment.

The next feature is the Windows Firewall. This has been prevalent in Windows ever since Windows XP came out back in 2000. It's a standard GUI or CLI-based technology where you can configure, well, the administrator and the end user can both configure the firewall to block or allow ports or applications or services depending on what you want to do to protect your system. This is, again, configurable by the end user and also by the system administrator. For example, here at the university, we lock down shared printing. The reason why we do that is in case someone decides to have a sensitive document and print it out where it shouldn't be printed out, we lock that down so that can't happen. So you have to request a firewall exception, which then we move that person into a different organizational unit, which we've talked about before, to allow them to do the configurable or the shared printing, rather. User experience: user only notices if something has been blocked. It's very, really, there's no performance hit on the user experience.

Next technology is Secure Boot and UEFI. Windows, ever since Windows 8, we've seen the emergence of Secure Boot. It basically verifies that the bootloader is consistent and is a validated bootloader on the system. If a virus were to get into the bootloader and manipulate some of those operating system and the kernel functions, then Secure Boot would say we're not booting the system. It's not configurable by the end user and it's also not configurable by the administrator, it's just built in. So the only time a user is gonna notice it is when they actually start up their system. Some of the newer technology, I'm sorry, rather the older technology cannot use Secure Boot because it doesn't have enough requirements to actually run it.

The next technology is VBS. This is actually new within Windows 10 and Windows Server 2016. VBS is... or stands for virtualization-based security. This one is very, in my opinion, very difficult to implement. The reason why is it takes a lot of requirements in order to run some of the capabilities that we have with the virtualization-based security. So we have to have a TPM chip, we have to have some additional virtualization technology in our chipset like SLAT, which stands for Second Level Address Translation, and there's several other technologies in order to get virtualization-based security to run appropriately. However, once it's actually running, it separates the specific processes, the security processes, from the underlying applications so that if a virus were to get in, the operating system is going to be protected. It's very, very robust.

So Device Guard and Credential Guard are the next two security technologies built into Windows, and these use virtualization-based security as well to protect, not only devices, but credentials. That's why they named it Device Guard and Credential Guard. So they use the virtualization sublayer to run different components of that operating system, whether you're running credentials through the LSASS process or if you're running different devices like a USB drive as well.

Okay. The last technology is called DEP, stands for Data Execution Prevention. We can turn DEP on for any application that we want. Basically, it allows what memory is running to only be accessed, that certain amount of memory, only by the program. So if a virus, rather, were to enter into that program and execute, we can't go outside that program. It's configured either through the administrator or the end user to run. However, it can be very cumbersome on users if there is an update, for example, or if the memory needs to expand.

So in conclusion, Windows has many different features, security features that will enable us to make our Windows systems more, well, protected, essentially. There are a lot more security features built into Windows but those were just some of the main ones that we want to focus on. They'll help us decrease our overall attack surface if we use them appropriately. Windows provides security to protect systems and end users. However, they are only effective if we program them correctly.
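
Added example, not part of the lecture: a read-only PowerShell check that reports the current state of each control named above (Defender, Firewall, Secure Boot, TPM, VBS, Credential Guard, DEP) on one machine. The helper name `Get-ControlState` is made up for this example, and the script assumes an elevated session on Windows 10 or Server 2016 or later.

```powershell
# Added example: read-only status report for the controls covered in the lesson.
# Get-ControlState is a helper defined here; it is not a built-in cmdlet.
function Get-ControlState {
    param([string]$Control, [scriptblock]$Query)
    # A control that is missing or unsupported is reported, not fatal.
    try   { $state = & $Query }
    catch { $state = "unavailable: $($_.Exception.Message)" }
    [pscustomobject]@{ Control = $Control; State = $state }
}

# Documented value meanings for the WMI properties read below.
$vbsStatus = @{ 0 = 'disabled'; 1 = 'enabled, not running'; 2 = 'running' }
$depPolicy = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$dgQuery   = {
    Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
                    -ClassName Win32_DeviceGuard -ErrorAction Stop
}

$report = @(
    Get-ControlState 'Windows Defender' {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        "antivirus=$($mp.AntivirusEnabled) realtime=$($mp.RealTimeProtectionEnabled) " +
        "signatures=$($mp.AntivirusSignatureLastUpdated)"
    }
    Get-ControlState 'Windows Firewall' {
        (Get-NetFirewallProfile -ErrorAction Stop | ForEach-Object {
            "$($_.Name): enabled=$($_.Enabled) inbound=$($_.DefaultInboundAction)"
        }) -join '; '
    }
    # Throws on legacy BIOS systems, which is reported as "unavailable".
    Get-ControlState 'Secure Boot' { Confirm-SecureBootUEFI -ErrorAction Stop }
    Get-ControlState 'TPM' {
        $tpm = Get-Tpm -ErrorAction Stop
        "present=$($tpm.TpmPresent) ready=$($tpm.TpmReady)"
    }
    Get-ControlState 'VBS' {
        $vbsStatus[[int](& $dgQuery).VirtualizationBasedSecurityStatus]
    }
    # SecurityServicesRunning lists running VBS services; 1 = Credential Guard.
    Get-ControlState 'Credential Guard' {
        if ((& $dgQuery).SecurityServicesRunning -contains 1) { 'running' } else { 'not running' }
    }
    Get-ControlState 'DEP policy' {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem -ErrorAction Stop
        $depPolicy[[int]$os.DataExecutionPrevention_SupportPolicy]
    }
)

$report | Format-Table -AutoSize -Wrap
```

The script only queries state and changes nothing; a row reading "unavailable" means the cmdlet or WMI class is absent on that build or the session lacks the required privileges.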