Windows 10 Security Configuration Framework for Enterprises
Mimicking the DEFCON threat levels, Microsoft has published the “SECCON Framework”, a generic Windows 10 Security Configuration Framework. The framework helps standardize the baseline security settings that should be applied to Windows 10 systems. It consists of a series of guides that help secure a range of Windows 10 configurations in diverse environments.
Windows 10 Security Configuration Framework or SECCON Framework
Chris Jackson, Principal Program Manager at Microsoft said,
We sat down and asked ourselves this question: if we didn’t know anything at all about your environment, what security policies and security controls would we suggest you implement first?
The result is what Microsoft has named the SECCON framework. Starting with the “Administrator workstation” at Level 1 and building up to “Enterprise security” at Level 5, the Windows 10 security configuration framework is Microsoft’s effort to simplify and standardize security hardening on Windows 10. It is not a one-size-fits-all solution, but a simplified set of configurations that enterprises can use to cover many common device configurations and scenarios.
The five levels in Windows 10 security configuration framework
Microsoft defines the Windows 10 security configuration framework for enterprises in five levels, based on “common device scenarios”: Enterprise Security, Enterprise High Security, Enterprise VIP Security, DevOps Workstation, and Administrator Workstation, numbered Level 5 down to Level 1 respectively.
As with DEFCON, a lower number indicates a higher degree of security hardening. The five levels in the Windows 10 Security Configuration Framework are:
- Level 5: Enterprise Security
- Level 4: Enterprise High Security
- Level 3: Enterprise VIP Security
- Level 2: DevOps workstation
- Level 1: Administrator Workstation
Let’s briefly explain each of these security levels:
1] Level 5 – Enterprise Security:
Enterprise Security, or Level 5, is the minimum security configuration for an enterprise device. Its recommendations are generally straightforward and are designed to be deployed within 30 days.
2] Level 4 – Enterprise High Security:
This configuration is recommended for devices whose users need to access confidential or sensitive information. A few of these controls can affect application compatibility, so they often go through an audit-configure-enforce workflow. According to Microsoft, the Level 4 recommendations are accessible to administrators and can be deployed within 90 days.
3] Level 3 – Enterprise VIP Security:
This level is aimed at devices run by organizations with a larger or more sophisticated security team, or at specific users or groups who are at exceptionally high risk. An organization that is likely to be targeted by well-funded and sophisticated adversaries should pursue this configuration. Deploying this set of configurations can be complex and often takes more than 90 days.
4] Level 2 – DevOps workstation:
Microsoft recommends this configuration for developers and testers, who are an attractive target because they work on systems that hold high-value data or run critical business functions. This level is still under development, and Microsoft will make an announcement as soon as it is ready.
5] Level 1 – Administrator Workstation:
Administrator Workstation, or Level 1 in the Windows 10 Security Configuration Framework (SECCON), is designed for administrators who “face the highest risk, through data theft, data alteration, or service disruption.” Like Level 2, this level is also under development, and Microsoft will make an announcement as soon as it is ready. Read more about this level in the Microsoft Docs.
Security Control Classification
Owing to the risk associated with each device type, the Windows 10 security configuration framework becomes more restrictive at the lower levels. The recommendations for each level are divided into three categories:
- Policies: these configure specific security policies on the device, such as a minimum password length, password complexity requirements, disabling the guest account, particular firewall rules, or restricting certain rights to specific user groups.
- Controls: these recommend the use of specific security features or applications. For example, the Level 5 controls advise configuring certain Windows Defender features such as Application Guard and Credential Guard, and making Microsoft Edge the default browser.
- Behaviors: these define security processes, such as installing security updates within a set period after release, or removing as many users as possible from the administrators group.
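The three categories above map directly onto things that can be checked on a device. The following PowerShell script is an added example written for this page; it is not Microsoft's code and is not part of the SECCON framework itself. It audits a Windows 10 machine against one representative item from each category (local password policy, guest account and firewall profiles for Policies; Credential Guard, Application Guard and the default http handler for Controls; patch age and local Administrators membership for Behaviors). The thresholds it uses (a 14-character minimum, a 30-day patch window, at most two local administrators) and the Edge ProgId matching are assumptions chosen for illustration, not values taken from the framework.

```powershell
# Added example: audit a Windows 10 device against one item from each SECCON
# recommendation category (Policies, Controls, Behaviors). Not Microsoft code.
# Thresholds below are assumptions for illustration, not framework values.
# Run from an elevated PowerShell session; secedit needs administrator rights.

function Get-LocalPasswordPolicy {
    # Policies: export the local security policy with secedit and read the
    # password length / complexity values from the INF it writes.
    $inf = Join-Path $env:TEMP 'seccon-audit.inf'
    secedit /export /cfg $inf /quiet | Out-Null
    $text = Get-Content -Path $inf -Raw
    Remove-Item -Path $inf -ErrorAction SilentlyContinue
    [pscustomobject]@{
        MinimumPasswordLength = [int]([regex]::Match($text, 'MinimumPasswordLength\s*=\s*(\d+)').Groups[1].Value)
        PasswordComplexity    = [int]([regex]::Match($text, 'PasswordComplexity\s*=\s*(\d+)').Groups[1].Value)
    }
}

function Test-SecconBaseline {
    param(
        [int]$MinPasswordLength = 14,   # assumption, not a framework value
        [int]$PatchWindowDays   = 30,   # assumption, not a framework value
        [int]$MaxLocalAdmins    = 2     # assumption, not a framework value
    )
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding {
        param([string]$Category, [string]$Check, [bool]$Pass, [string]$Detail)
        $findings.Add([pscustomobject]@{ Category = $Category; Check = $Check; Pass = $Pass; Detail = $Detail })
    }

    # --- Policies ---------------------------------------------------------
    $pw = Get-LocalPasswordPolicy
    Add-Finding 'Policy' 'Minimum password length' ($pw.MinimumPasswordLength -ge $MinPasswordLength) "MinimumPasswordLength=$($pw.MinimumPasswordLength)"
    Add-Finding 'Policy' 'Password complexity enforced' ($pw.PasswordComplexity -eq 1) "PasswordComplexity=$($pw.PasswordComplexity)"

    # The built-in Guest account always has RID 501; match on SID so a renamed
    # or localized account name does not hide it. Absent account counts as pass.
    $guest = Get-LocalUser | Where-Object { $_.SID -like 'S-1-5-21-*-501' }
    Add-Finding 'Policy' 'Guest account disabled' (-not $guest -or -not $guest.Enabled) "Enabled=$($guest.Enabled)"

    foreach ($p in Get-NetFirewallProfile) {
        $ok = ($p.Enabled -eq 'True') -and ($p.DefaultInboundAction -ne 'Allow')
        Add-Finding 'Policy' "Firewall profile '$($p.Name)' on, inbound not allowed by default" $ok "Enabled=$($p.Enabled) DefaultInboundAction=$($p.DefaultInboundAction)"
    }

    # --- Controls ---------------------------------------------------------
    # Win32_DeviceGuard.SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    Add-Finding 'Control' 'Credential Guard running' ($dg.SecurityServicesRunning -contains 1) "SecurityServicesRunning=$($dg.SecurityServicesRunning -join ',')"

    $wdag = Get-WindowsOptionalFeature -Online -FeatureName 'Windows-Defender-ApplicationGuard'
    Add-Finding 'Control' 'Application Guard feature enabled' ($wdag.State -eq 'Enabled') "State=$($wdag.State)"

    # Default http handler for the current user. Assumption: Chromium-based Edge
    # registers ProgId 'MSEdgeHTM'; legacy Edge used an 'AppX...' ProgId.
    $uc = 'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice'
    $progId = (Get-ItemProperty -Path $uc -ErrorAction SilentlyContinue).ProgId
    Add-Finding 'Control' 'Microsoft Edge is default http handler' ($progId -eq 'MSEdgeHTM' -or $progId -like 'AppX*') "ProgId=$progId"

    # --- Behaviors --------------------------------------------------------
    # Get-HotFix only lists updates recorded in the QFE store, so treat this as
    # a coarse staleness check rather than a full patch inventory.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn -Descending | Select-Object -First 1
    $ageDays = if ($latest) { ((Get-Date) - $latest.InstalledOn).TotalDays } else { [double]::PositiveInfinity }
    Add-Finding 'Behavior' "Update installed within $PatchWindowDays days" ($ageDays -le $PatchWindowDays) "Latest=$($latest.HotFixID) InstalledOn=$($latest.InstalledOn)"

    # Built-in Administrators group is always S-1-5-32-544, regardless of name.
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544')
    Add-Finding 'Behavior' "At most $MaxLocalAdmins members in Administrators" ($admins.Count -le $MaxLocalAdmins) ("Members=" + ($admins.Name -join ';'))

    return $findings
}

# Usage: run elevated and review failures first.
Test-SecconBaseline | Sort-Object Pass | Format-Table Category, Check, Pass, Detail -AutoSize
```

Each finding is returned as an object rather than printed, so the same function can feed a compliance report or be compared across the devices in a deployment ring before a control is moved from audit to enforce. The Credential Guard and Application Guard checks will report a failure on hardware or virtual machines without virtualization-based security, which is the expected result, not a script error.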
Microsoft says this is a draft version and that it is gathering feedback from organizations looking to implement a device security hardening program. You can read more at docs.microsoft.com.