SECURITY: Basic somename Security Config 2021

Last updated
Jul 25, 2021
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 10
OS edition
Enterprise
Login security
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Local account
Primary user
Standard user - Limited permissions
Other users
Other accounts are Admin users
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Network firewall
None or Don't know
Real-time protection
Microsoft Defender configure with group policy
Software firewall
Windows Firewall (for Windows 8.1 or older)
Custom RTP, Firewall and OS settings
Firewall:
-block all incoming connections
-Hard_Configurator lists

Bitlocker setup on all drives with passphrases+tpm
Hard_Configurator recommended setup without default deny policy
core isolation, secure boot
bcdedit /set nx alwayson
print service disabled
swap disabled

(following config descriptions are from securitynigthmares config)
  • Data Execution Prevention (DEP) enforced to AlwaysOn
  • Microsoft Defender runs in a sandbox (AppContainer)
  • Windows Explorer:
    • Hidden files and folders - Show hidden files: activated
    • Hide extensions for known file types: deactivated
  • Windows Security -> App & Browser control -> Exploit-Protection -> Enable Random Arrangement for Images (Mandatory ASLR) enabled
  • Windows Updates -> Settings -> Downloads from other PCs deactivated
  • removed the following optional Windows features:
    • Internet Explorer 11
    • Internet Printing Service (under Print and Document Services)
    • Maths recognition
    • Microsoft Remote Help
    • OpenSSH Client
    • Paint 3D
    • SMB Direct
    • Windows Fax and Scan
    • Windows Hello Face Recognition
    • Windows Media Player
    • Windows PowerShell Integrated Scripting Environment
    • Working folder client
Malware testing
No malware samples
Periodic security scanners
standard windows intervalls
Secure DNS
none (edited)
VPN
nordvpn for file sharing (would rather get mullvad)
Password manager
KeepassXC
Browsers, Search and Addons
edge mostly using wdag,
duckduckgo,
no addons, except sometimes ublock in wdag for watching youtube
Maintenance and Cleaning
win 10 disk cleanup
Personal Files & Photos backup
copy and paste (ctrl+c/v)
Personal backup routine
Manual (maintained by self)
Device recovery & backup
windows internal one
Device backup routine
Automatic (scheduled)
PC activity
  1. Browsing the web. 
  2. Browsing to unknown sites. 
  3. Downloading software. 
  4. File sharing and torrents. 
  5. PC and cloud gaming. 
  6. Multimedia. 
Computer specs
Ryzen 5 3600
AMD RX 5700
MSI B450M Mortar Max
48GB 3200mhz Ram
few nvme/sata ssds
Feedback Response

General feedback

somename

New Member
Jul 16, 2021
5
This is a quite insecure windows setup for gaming, filesharing and media consumption/creation, although I would like for it to become better in the future.
This setup will never reach good security, because of filesharing and light gaming, but it's not handling important personal data/transactions.
Work in progress, happy about feedback.

credits/thanks go to anupritaisno1, beerisgood-win10hardening, andy ful and more
 
Last edited:

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Apr 28, 2015
7,402
Periodic security scanners: You may add here some 3rd party tools such as EmsiSoft E. Kit, HitManPro...

Personal Files & Photos backup: You may use cloud services

Device recovery & backup: You may add here a full system back solution such as Macrium Reflect / AOMEI Backupper
 

somename

New Member
Jul 16, 2021
5
48 gigs, wow, why so much?
Ram is cheap these days and I was using QubesOS before switching to Windows. When I built this pc, ram was expensive, so I went for 16gigs and added more later. Otherwise I would've gotten 32gb right away.
I am thinking about upgrading to Ryzen 3 for hardware shadow stack as well, but then I should probably invest some time into finding a decent motherboard. I'll proly wait.

Thanks for all the input (y)
 
Top