BASIC WINDOWS SYSTEM SECURITY OR ENDPOINT SECURITY

Hello Everyone,

Today we are discussing here about System Security or Endpoint Security

It’s every IT Professional to secure your data With Multi Layer Protection, We will talk about Windows Systems in here. Your Basic Windows Systems have Multilayer Protection to protect your data.

We will discuss about how to secure your Windows Systems in Four Different Methods.

They Are

1. Bios Password
2. Login Password
3. SysKey Password
4. BitLocker Protection

BIOS PASSWORD

Bios Password helps the user to protect their Devices at the time of Starting. It Protect the Device at the time of Hardware Initialization in the BIOS.

Let’s See how to do

Here i am using Windows 7 Virtual Machine for Practice

When the Operating System starts press the respective key to enter into your Bios Setup. Here its F2 Key.

Once you get into Bios Setup. You will get this Window

Get into Security Tab then Set up the password for “Set Supervisor Password”

Set the Supervisor Password

Saved the Changes you made

Enable the Password on Boot Option

Save all the Configuration and Exit the setup by pressing F10

Whenever you Restart the Machine, You will be Asked to Enter the BIOS Password you set up in the previous Steps. This is your Very First Step of Protection.

SYSKEY PROTECTION :

Syskey Protection method of storing the SAM key in a removable Disk. To start your Particular Machine, you need this particular SAM key to logged into your Computer.

Am using a Removable USB in here for the Practice.

Open RUN and type syskey and hit Enter.

Click on Yes

In the Securing the Windows Account Database Window Click on Update.

In the Startup Key window Choose the option Store Startup Key on Floppy Disk. Don’t Click on Ok.

Open Disk Management. then choose your Removable Device and right click on it and Choose the option Change Drive Letter and Paths.

Change the Drive label to “A”. Because the SYSKEY can be mounted only in Floppy Disk that Carries Label A.

You can assign the Label in the Change Drive Letter or path Window

Click on ok now in the Startup Key Window. Then click on ok in all upcoming popups.

When ever you log in will prompt you to enter the Drive with that Syskey stored otherwise it will not let you inside your Computer. If you lost it you need to change your OS.

I Plugged in my Pendrive then clicked OK. Then I was able to login properly

NOTE : SYSKEY is no longer supported in Latest Windows Operating Systems.

LOGIN PASSWORD SECURITY:

This is our usual Password Security that we all know to secure our Computer setup your password by opening your user accounts.

Click on Create a password for your account.

Set up a new password and confirm it again in the next field then create password.

Click on Create Password

BITLOCKER SECURITY

This is our Fourth Way of Security for your Device Drives at Rest.

Bitlocker Utility is only for Windows Operating Systems Professional, Ultimate and Education Versions. Its not available in Home Versions.

Open Bitlocker by searching it from the Start Button.

Click on Turn on Bitlocker Option

If it shows you this error you need to Enable TPM in your Group Policy Editor.

Open Run and type gpedit.msc and hit enter

In the local group policy.

Get into windows Components and Bitlocker drive encryption

Choose Operating System Drives

Choose Require Additional authentication at startup option in the right panel.

Choose the Radio Button Enabled and ensure it is allowing TPM in the Bottom window.

Click on apply and ok

Now you will be able to turn on Bitlocker.

Click Next to prepare your drive for Bilocker

Create a password for your Bitlocker

Save your Recovery in the Unencrypted drive to use it incase if you forgot your bitlocker password.

Choose the USB Flash drive and click on Save.

Click save to save your Recovery Key.

Choose encrypt option and click next

Your Encryption will get started after this. In my case it is starting after I restart my machine.

So, these are all the above methods on how to secure your windows End Point in an Efficient Way.

Hope you gained some quality content today.

See you again in another Blog

AUTHOR:
SAM NIVETHAN V J
SECURITY ANALYST & INFOSEC TRAINER