Windows 10 Devices should be Connected to DMZ?

Human vulnerabilities are more dangerous than Windows 10 Endpoint security vulnerabilities. However, we need to make sure endpoints are adequately protected to avoid any security violations. In this post, you will Windows 10 Security considerations and a security checklist.

Did you get chance to read about Microsoft Numbers article and the 1.5 billion Windows powered devices are used around the world? This number is one of the reasons for having a more sophisticated attack on Windows devices.

Endpoint Security Vulnerabilities

Endpoint devices are most vulnerable in your business environment than any other components. Your Data Centers have two layers of protection:

Patch My PC
Physical Security Protection
Digital Security Protection

Why Windows is most commonly attacked platform because Windows is the most used endpoint operating system (OS) in the enterprise world. What are the security measures we take for endpoints? All our endpoint devices are protected as data center and servers? No, endpoints are not protected and secured (both digitally and physically) as servers and other devices in the Data Center.

Windows 10 Endpoints Should Connect to DMZ Network (Crazy?)

In every organization, we have different network segments, and DMZ segment is the most secured network? Mainly proxy servers and internet connected servers are places in this network zone.

DMZs are intended to function as a sort of buffer zone between the public internet and the organizational network. There will be two firewalls to screen all inbound network packets before they arrive at the servers the organization hosts in the DMZ.

My crazy idea is to consider endpoints as highly vulnerable and place all endpoints into the DMZ segment of your organization’s network. But I don’t think this is going to work out because the end user experience would be pathetic if you connect Windows 10 endpoints to DMZ network segment.

Windows 10 Security

Windows 10 should NOT Connect to Enterprise Network?

What if I say, Windows 10 endpoint should not directly connect to enterprise network at all? Do you think that would be possible? We can make it possible.

You can manage Windows 10 devices which are on the internet with Intune. Even SCCM CMG can be used to manage internet-based Windows 10 endpoint management. Is this direct internet connection more secure?

You can use modern technologies like Azure App Proxy and Per-App VPN to get connected on-prem applications without any direct connection to the enterprise network. Is this safer? Yes, could be safer. But still, you need to ensure that your Windows 10 security is tight.

Windows 10 Security Checklist Starter Kit?

Windows 10 already provides the following security features. Hardware-based isolation, Network Protection, Controlled Folder Access, Exploit Protection, and other technologies reduce the attack surface and increase attacker costs.

Microsoft is delivering advanced world protection for Windows 10 powered devices. Recently, they announced an enhancement to Windows Defender Antivirus. Defender antivirus can now run in a sandbox.

The following are some of the points which you need to check before your Windows 10 mass deployment. The full Windows 10 security checklist is explained in the webinar by IT PRO Today and Adaptiva.

Device Guard Enabled
Credential Guard Enabled
Application Guard Enabled
Application Control Enabled
Attack Surface Reduction Applied

Adaptiva has provided a checklist for Windows 10 security. There was also a webinar on Windows 10 security checklist. I think all IT Pros should watch this recorded webinar and implement these security measures in your Windows 10 devices.

More details available in the following link Windows 10 Security Checklist Webinar.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.