Book Image

Mastering Windows Security and Hardening

By : Mark Dunkerley, Matt Tumbarello
Book Image

Mastering Windows Security and Hardening

By: Mark Dunkerley, Matt Tumbarello

Overview of this book

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions. We will begin with an introduction to Windows security fundamentals, baselining, and the importance of building a baseline for an organization. As you advance, you will learn how to effectively secure and harden your Windows-based system, protect identities, and even manage access. In the concluding chapters, the book will take you through testing, monitoring, and security operations. In addition to this, you’ll be equipped with the tools you need to ensure compliance and continuous monitoring through security operations. By the end of this book, you’ll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.
Table of Contents (19 chapters)
1
Section 1: Getting Started
6
Section 2: Applying Security and Hardening
13
Section 3: Protecting, Detecting, and Responding for Windows Environments

Introducing PowerShell security

PowerShell has become one of the most popular tools in the sysadmin's toolbox in recent years. Its uses range from the ability to batch processes and build tools to automating repeatable tasks. There are many importable modules that allow interaction with a range of services such as Azure AD and Exchange Online. As a result, PowerShell can be exploited as an attack tool due to this flexibility. It has close interaction with various OS system-level components, such as Windows Management Instrumentation (WMI), and can avoid detection as it's a commonly used process. Out of the box, there are limited security measures enabled for PowerShell, so let's discuss what we can do to help secure its use.

Configuring PowerShell logging

There are a few types of logging that can be enabled for PowerShell to start logging events for auditing purposes. Some of the logging options include the following:

  • PowerShell Transcription allows Windows...