
Running Header: WINDOWS APPLICATION POLICY 1

Securing Windows Applications Policy

Name

Instructor

Institution

Date
WINDOWS SECURITY GUIDE 2

Windows security defaults are not strong enough to protect one's computer from threats. A Windows PC has various sources of vulnerability: apps such as Skype that come bundled with Windows, non-Microsoft software, unpatched drivers, and unsecured firmware. The first step is to have a system restore point (with System Restore enabled). This acts as a backup or save point for the machine in case of a compromise. All software in the operating system, as well as the drivers, should be up to date with the latest versions (Roth et al., 2016). This can be done with the Windows Update Assistant, available on the internet.

Windows offers administrator options to have one or multiple user accounts, which are in turn protected by passwords and other optional authentication mechanisms. The password policy should require users to have only strong passwords (ones that use all the kinds of keyboard characters and have a minimum of 12 characters). To increase security during the sign-in process, one can install a Microsoft feature known as Windows Hello, which offers a two-step verification process. Users should configure these accounts to authorize groups, users, and computers to access network resources. For instance, only the primary local administrator account should have the rights to modify system configurations and install software. Secondary accounts, on the other hand, should be set up for standard users to prevent them from installing harmful software.

One way to protect data from being stolen is to enable BitLocker device encryption, which encrypts all data using the XTS-AES standard. It is also wise to enable the antivirus and firewall protection in the OS (Chari et al., 2016). These are available in the Windows Defender Security Centre as well as under System and Security (available in the Control Panel). Windows users should also configure their PCs to prevent unauthorized apps from running (an application whitelisting policy). One way is to allow only apps downloaded from the Store to run.

Other configurations that harden a Windows computer include disabling remote access, disabling automatic login, setting up a user account, using a lock screen with a timeout, enabling controlled folder access, not using the administrator account, installing antispyware software from trusted sources, ignoring spam, securing your network, and constantly removing unnecessary files and software, among others (Czyz et al., 2016). Lastly, because the threat landscape is complex, the layered security approach should be continuously validated for integrity and monitored.
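
The continuous validation described above can start with a read-only audit of the settings this paper names. The script below is an added example, not part of the original paper; it assumes it is saved as a .ps1 file and run from an elevated Windows PowerShell 5.1 session, and the check names, the use of the built-in complexity setting for the character requirement, and Remote Desktop as the form of remote access are assumptions of this example.

```powershell
#Requires -Version 5.1
#Requires -RunAsAdministrator
# Added example: read-only audit of settings named in the text. Nothing is changed.
$ErrorActionPreference = 'Stop'
$results = [System.Collections.Generic.List[object]]::new()

function Add-Check([string]$Name, [scriptblock]$Test) {
    # A test returns $true when the setting matches the policy; errors become UNKNOWN.
    try   { $state = if ([bool](& $Test)) { 'PASS' } else { 'FAIL' } }
    catch { $state = 'UNKNOWN: ' + $_.Exception.Message }
    $results.Add([pscustomobject]@{ Check = $Name; Result = $state })
}

# Export the local security policy and read its "Key = Value" lines.
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
$pol = @{}
Get-Content $cfg | ForEach-Object {
    if ($_ -match '^(\w+)\s*=\s*(.+)$') { $pol[$Matches[1]] = $Matches[2].Trim() }
}
Remove-Item $cfg -ErrorAction SilentlyContinue

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

Add-Check 'Restore point exists' { @(Get-ComputerRestorePoint).Count -gt 0 }
Add-Check 'Minimum password length >= 12' { [int]$pol['MinimumPasswordLength'] -ge 12 }
Add-Check 'Password complexity required' { $pol['PasswordComplexity'] -eq '1' }
Add-Check 'BitLocker on with XTS-AES' {
    $v = Get-BitLockerVolume -MountPoint $env:SystemDrive
    "$($v.ProtectionStatus)" -eq 'On' -and "$($v.EncryptionMethod)" -like 'XtsAes*'
}
Add-Check 'Defender antivirus with real-time protection' {
    $s = Get-MpComputerStatus
    $s.AntivirusEnabled -and $s.RealTimeProtectionEnabled
}
Add-Check 'Firewall on for all profiles' {
    @(Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -ne 'True' }).Count -eq 0
}
Add-Check 'Controlled folder access enabled' { (Get-MpPreference).EnableControlledFolderAccess -eq 1 }
Add-Check 'Remote Desktop disabled' { (Get-ItemProperty $ts).fDenyTSConnections -eq 1 }
Add-Check 'Automatic login disabled' { (Get-ItemProperty $wl).AutoAdminLogon -ne '1' }
Add-Check 'Built-in Administrator disabled' {
    -not (Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }).Enabled
}

$results | Format-Table -AutoSize
```

Running it on a schedule and comparing the output between runs shows when a setting has drifted from the policy.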

References

Chari, S. N., Molloy, I. M., Park, Y., & Teiken, W. (2016). U.S. Patent No. 9,288,232. Washington, DC: U.S. Patent and Trademark Office.

Chari, S. N., Molloy, I. M., Park, Y., & Teiken, W. (2016). U.S. Patent No. 9,246,945. Washington, DC: U.S. Patent and Trademark Office.

Czyz, J., Luckie, M., Allman, M., & Bailey, M. (2016). Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy. In Network and Distributed Systems Security (NDSS).

Roth, G. B., Popick, D. S., & Weiss, J. (2016). U.S. Patent No. 9,325,739. Washington, DC: U.S. Patent and Trademark Office.
