Security Control Overviews
Learn more about the security controls we check, what they do, and how to enable them.
Security Control Areas
Our security controls are split into 5 main groups: Privacy, Operating System, Network, Google Chrome, and Adobe. These comprise a comprehensive overview of the most common areas for malicious attacks and weaknesses. More detailed information about specific security controls can be found in the User Manual.
Privacy Checks
Privacy checks involve unauthorized usage or access to your account, particularly in the realm of identification. Our privacy controls check for potential unauthorized access to your computer locally, as well as protecting personal data. Oftentimes, your personal information can be compromised by settings that allow for data collection without your knowledge. By enabling or disabling certain privacy controls, you can retain control over your personal data as well as ensure that your local accounts have sufficient protection.
Privacy security controls:
Location Tracking - P001
WiFi Sense - P002
Camera Access - P003
Control LAN Manager Password Hash - P004
Prevent Password-less Accounts - P005
Operating System Checks
Operating system controls involve Windows settings that affect required access levels as well as other actions to install and run applications. These security controls help regulate who can make system-altering decisions, such as installing and running software. By ensuring that every software installation is reviewed and risk-minimizing procedures are taken, chances of running and installing malicious software decreases drastically.
Operating System checks:
Windows SmartScreen - O001
Windows Installer Privileges - O002
Windows Installer Scripts - O003
Windows Remote Management - O004
Data Execution Prevention - O005
Network Security Checks
Network security checks involve Windows settings that affect what connections your computer comes into contact with. By ensuring that you have the proper network security controls set up, you can regulate what external connections your computer comes into contact with, as well as what information is provided to networks. Firewalls are one example of essential network security controls that help you regulate contact with potentially malicious sources.
Network Security checks:
Private Profile - N001
Private Block - N002
Private Outbound Connections - N003
Public Unsolicited Inbound Connections - N004
Security Account Manager Remote Call - N005
Google Chrome Checks
Google Chrome checks involve Chrome browser settings that affect certain characteristics of your browsing experience. Google Chrome controls and browser controls help ensure sites that you browse are safe and are verified, lessening your exposure to malware. Additionally, Google Chrome gathers information about yourself to improve its services, and certain security controls reduces risk of exposing personal and sensitive information.
Google Chrome checks:
Block Outdated Plugins - C001
Chrome Automatic Updates - C002
Disable Firewall Traversal - C003
Enforce Certification Revocation Checks - C004
Disable Network Prediction - C005
Adobe Reader and Acrobat Security Checks
Adobe security checks primarily involve settings that expose you to risk through mediums such as PDFs. While not as well-known, PDFs can and do pose a threat to computers by having PDFs carry malicious attachments or run malicious scripts to damage your computer. By enforcing certain security controls, you can be notified of any suspicious activity performing from files, lessening your risk to unknown or malicious sources.
Adobe checks:
Enhanced Security for Adobe Reader DC (Application) - A001
Enhanced Security for Adobe Reader DC (Web Browser) - A002
Enable Protected Mode - A003
Prevent Adobe Flash - A004
Prevent Attachments - A005
Cyber Health Check Manual
Take the first steps towards regaining control over your digital life with the Cyber Health Check. Additional and detailed information about each security control is provided in the included user manual.
Privacy Checks
Location Tracking - P001
Disabling location tracking increases privacy
WiFi Sense - P002
Why: Wi-Fi Sense automatically connects your computer to hotspots and networks.
How: Disabling automatic connection reduces exposure of your computer to unsecured networks as well as malicious systems.
Camera Access - P003
Why: Enabling camera functionality from lock screen may allow for unauthorized access.
How: By requiring user log on, you can ensure the device is only used by authorized personnel
Control LAN Manager Password Hash - P004
Why: The LAN Manager does not store passwords securely, and there are a multitude of tools to retrieve passwords stored by it.
How: By changing this setting, you can control if the password is stored in the Security Account Manager, reducing chances of your password being compromised.
Prevent Password-less Accounts - P005
Why: Password-less accounts allows unauthorized users to log on to a system using only a username.
How: Password policies will prevent these accounts from existing. However, if there are previous password-less accounts on the system, the account will be denied network access and will be limited to console use only.
Operating System
Windows SmartScreen - O001
Why: Enable Windows SmartScreen to require administrator approval before running software downloaded from unknown and untrusted sources. This will prevent users from executing potentially malicious malware.
Windows Installer Privileges - O002
Ensure that standard accounts are not granted Windows Installer privileges. Elevating privileges of all users allows for malicious users and applications to gain control of your computer.
To disable, navigate to your Control Panel
Windows Installer Scripts - O003
Ensure users are notified if a web-based program tries to install software. By doing so, you can prevent malicious software from being installed on your computer without your knowledge.
Windows Remote Management - O004
Prevent Windows Remote Management from using basic authentication which uses plaintext passwords which can compromise a system. By disabling this, you decrease the chances of having your password stolen and unauthorized access to your computer
Date Execution Prevention - O005
Configure the Data Execution Prevention to opt out which will prevent harmful code from running in memory locations reserved for Windows and other programs. By doing so, you remove risk of attackers running malicious code in critical areas.
Network
Private Profile - N001
Enabling private profile enables a firewall that provides a line of defense against attack, allowing or blocking inbound and outbound connections based on a set of rules. By doing so, you are able to control what your computer comes in contact with, decreasing chances of malicious software or connections.
Private Block - N002
Enabling private profile block on unsolicited inbound connections provides a line of defense against attack, allowing or blocking inbound and outbound connections based on a set of rules. By doing so, you are able to control what your computer comes in contact with, decreasing chances of malicious software or connections.
To disable, navigate to your Control Panel
Private Outbound Connections - N003
A firewall provides a line of defense against attack, allowing or blocking inbound and outbound connections based on a set of rules. By doing so, you are able to control what your computer comes in contact with, decreasing chances of malicious software or connections.
Public Unsolicited Inbound Connections - N004
Blocking unsolicited inbound connections provides a line of defense against attack, allowing or blocking inbound and outbound connections based on a set of rules. By doing so, you are able to control what your computer comes in contact with, decreasing chances of malicious software or connections.
Security Account Manager Remote Call - N005
Ensuring that only Administrators can make remote connections to the Security Account Manager, where passwords are stored, protects user credentials and lowers risk of unauthorized access.
Google Chrome
Block Outdated Plugins - C001
Outdated plugins can pose a security vulnerability threat by not complying with recent updated security standards.
Chrome Automatic Updates - C002
Enabling Chrome automatic updates allows for your web browser to stay up to date and secure. Older versions of Chrome may have security flaws that newer versions patched, and enabling automatic updates ensures that you are always secure.
To disable, navigate to your Control Panel
Disable Firewall Traversal - C003
Disabling firewall traversal makes it so that only pre-approved connections can be allowed. By doing so, you reduce your risk of coming into connections that may be malicious through Google Chrome.
Enforce Certification Revocation Checks - C004
Certification Revocation checks ensure that sites that you visit are trustworthy and that the site was certified as secure properly. By enforcing these checks, you can make sure that you don't potentially enter websites that are falsely identified as safe.
Disable Network Prediction - C005
Placeholder
Adobe
Enhanced Security for Adobe Reader DC (Application) - A001
Enhanced Security is an optional setting for Adobe Reader DC that warns you when a PDF tries to perform an action from a untrusted source or file. By enabling Enhanced Security, you can ensure that all actions performed by a PDF are safe, and reduce your exposure to malicious activity.
Enhanced Security for Adobe Reader DC (Web Browser) - A002
Enhanced Security is an optional setting for Adobe Reader DC that warns you when a PDF tries to perform an action from a untrusted source or file. By enabling Enhanced Security, you can ensure that all actions performed by a PDF are safe, and reduce your exposure to malicious activity.
To disable, navigate to your Control Panel
Enable Protected Mode - A003
Protected mode is an optional setting for Adobe PDF readers that run all PDFs in virtual environment and ensure that any actions done by the PDF don't affect your computer. By enabling this reduces your risk of malicious PDFs harming your computer.
Prevent Flash - A004
Adobe Flash is a now depreciated plugin that is still often used with Adobe PDF readers. Due to its age, there are exploits that malicious software or attackers may use to harm your computer. By disallowing Flash from running, you can protect yourself from potential malware attacks.
Prevent Attachments - A005
Attachments can be linked to a PDF you have received and may potentially be from malicious sources, and may try to trick you by being attached to a safe PDF. By disabling attachments, you can reduce the risk of outside sources and malicious attacks. However, this will also prevent attachments from a trusted source, so it is preferable to use on a case-by-case basis.
© 2018-2023