
I have been asked to investigate what capabilities exist within Windows 10 where the environment for this system is isolated. I believe it would not be able to benefit from an enterprise security management and cloud data management (supporting assets are not available), which appears to be the assumed context when I look for cybersecurity at the Microsoft website.

Instead, I have an isolated network which may include several computers of various types. For the moment, I would assume any of these is vulnerable to security circumvention by a bad actor who has physical access, and they might leverage that access for an intrusion on the Windows 10 computer. I will assume that the bad actor has limited or no privileges on the Windows 10 computer.

The questions that are being asked are what are the available detection methods, responses, and recovery methods that are available on the Windows 10 computer? (I always like to ask what is the terminology I should be using in my search for answers to these questions?) If I can get an outline of the answers that would be a very good start.

Jim
  • Once someone has physical access, all bets are off. – schroeder Mar 07 '22 at 08:31
  • I would urge you to start by considering what scenarios you want to include in your threat model. "Physical access" means they own the computer and can do anything; there is basically nothing you can do there aside from using full-disk encryption and hoping they don't get access while the system is powered on. A more reasonable way to threat model the physical is to consider scenarios such as "moderately skilled opportunistic attacker with time-limited access to the device", rather than something quite so broad and impossible to control against. – Polynomial Mar 08 '22 at 01:49

0 Answers