Book Image

Mastering Windows Security and Hardening

By : Mark Dunkerley, Matt Tumbarello
Book Image

Mastering Windows Security and Hardening

By: Mark Dunkerley, Matt Tumbarello

Overview of this book

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions. We will begin with an introduction to Windows security fundamentals, baselining, and the importance of building a baseline for an organization. As you advance, you will learn how to effectively secure and harden your Windows-based system, protect identities, and even manage access. In the concluding chapters, the book will take you through testing, monitoring, and security operations. In addition to this, you’ll be equipped with the tools you need to ensure compliance and continuous monitoring through security operations. By the end of this book, you’ll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.
Table of Contents (19 chapters)
Section 1: Getting Started
Section 2: Applying Security and Hardening
Section 3: Protecting, Detecting, and Responding for Windows Environments

Installing Windows Server roles and features

Roles and features add additional functionality to your environment. As you add roles, it is critical that hardening is also taken into consideration and understood. For example, hardening a Domain Controller (DC) will be different to that of an IIS web server. There will be some base similarities, but you need to understand what each of these roles and features provide and how to best secure them if they are to be enabled. Any mishandling could provide an opportunity for a hacker to exploit or infiltrate your environment.

The following roles are features in Windows Server 2019 that are available to help with securing and hardening your environment:

  • Active Directory Certificate Services
  • Active Directory Domain Services
  • Active Directory Federation Services
  • Active Directory Rights Management Services
  • Device Health Attestation
  • Host Guardian Service
  • Network Policy and Access Services
  • Remote Access
  • Remote...