Book Image

Mastering Windows Security and Hardening

By : Mark Dunkerley, Matt Tumbarello
Book Image

Mastering Windows Security and Hardening

By: Mark Dunkerley, Matt Tumbarello

Overview of this book

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions. We will begin with an introduction to Windows security fundamentals, baselining, and the importance of building a baseline for an organization. As you advance, you will learn how to effectively secure and harden your Windows-based system, protect identities, and even manage access. In the concluding chapters, the book will take you through testing, monitoring, and security operations. In addition to this, you’ll be equipped with the tools you need to ensure compliance and continuous monitoring through security operations. By the end of this book, you’ll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.

Related Content you might be interested in

Current Title:

Small book image
Mastering Windows Security and Hardening
Mark Dunkerley | Matt Tumbarello
Jul, 2020 | 572 pages
Small book image
Mastering Microsoft Endpoint Manager
Per Larsen | Christiaan Brinkhoff
Oct, 2021 | 666 pages
Small book image
Windows 10 for Enterprise Administrators
Jeff Stokes | Manuel Singer | Richard Diver
Sep, 2017 | 314 pages
Small book image
Microsoft 365 Mobility and Security – Exam Guide MS-101
Nate Chamberlain
Nov, 2019 | 312 pages
Table of Contents (19 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: Getting Started
Section 1: Getting Started
Free Chapter
2
Chapter 1: Fundamentals of Windows Security
Chapter 1: Fundamentals of Windows Security
Understanding the security transformation
Living in today's digital world
Today's threats
Identifying vulnerabilities
Recognizing breaches
Current security challenges
Implementing a Zero Trust approach
Summary
3
Chapter 2: Building a Baseline
Chapter 2: Building a Baseline
Introduction to baselining
Policies, standards, procedures, and guidelines
Incorporating change management
Implementing a security framework
Building baseline controls
Implementing a baseline
Incorporating best practices
Summary
4
Chapter 3: Server Infrastructure Management
Chapter 3: Server Infrastructure Management
Technical requirements
Overview of the data center and the cloud
Implementing access management in Windows servers
Understanding Windows Server management tools
Using Azure services to manage Windows servers
Summary
5
Chapter 4: End User Device Management
Chapter 4: End User Device Management
Technical requirements
Device management evolution
Device Imaging and Windows Autopilot
Microsoft Endpoint Configuration Manager
Intune Mobile Device Management (MDM)
Introducing Microsoft Endpoint Manager
Summary
6
Section 2: Applying Security and Hardening
Section 2: Applying Security and Hardening
7
Chapter 5: Hardware and Virtualization
Chapter 5: Hardware and Virtualization
Technical requirements
Physical servers and virtualization
Introduction to hardware certification
BIOS and UEFI, TPM 2.0, and Secure Boot
Advanced protection with VBS
Hardware security recommendations and best practices
Summary
8
Chapter 6: Network Fundamentals for Hardening Windows
Chapter 6: Network Fundamentals for Hardening Windows
Technical requirements
Network security fundamentals
Understanding Windows Network Security
Windows Defender Firewall and Advanced Security
Introducing Azure network security
Summary
9
Chapter 7: Identity and Access Management
Chapter 7: Identity and Access Management
Technical requirements
Identity and access management overview
Implementing account and access management
Understanding authentication, MFA, and going passwordless
Using Conditional Access and Identity Protection
Summary
10
Chapter 8: Administration and Remote Management
Chapter 8: Administration and Remote Management
Technical requirements
Understanding device administration
Enforcing policies with MDM
Building security baselines
Connecting securely to servers remotely
Introducing PowerShell security
Summary
11
Chapter 9: Keeping Your Windows Client Secure
Chapter 9: Keeping Your Windows Client Secure
Technical requirements
Securing your Windows clients
Introducing Windows Update for Business
Advanced Windows hardening configurations
Windows 10 privacy
Summary
12
Chapter 10: Keeping Your Windows Server Secure
Chapter 10: Keeping Your Windows Server Secure
Technical requirements
Windows Server versions
Installing Windows Server roles and features
Configuring Windows updates
Connecting to Microsoft Defender ATP
Hardening Windows Server
Deploying Windows Defender Application Control
Summary
13
Section 3: Protecting, Detecting, and Responding for Windows Environments
Section 3: Protecting, Detecting, and Responding for Windows Environments
14
Chapter 11: Security Monitoring and Reporting
Chapter 11: Security Monitoring and Reporting
Technical requirements
Monitoring with MDATP
Deploying Log Analytics
Monitoring with Azure Monitor and activity logs
Configuring ASC
Creating performance baselines
Summary
15
Chapter 12: Security Operations
Chapter 12: Security Operations
Technical requirements
Introducing the SOC
Using the M365 security portal
Using MCAS
Configuring Azure ATP
Investigating threats with Azure Security Center
Introducing Azure Sentinel
Microsoft Defender Security Center
Planning for business continuity and DR
Summary
16
Chapter 13: Testing and Auditing
Chapter 13: Testing and Auditing
Technical requirements
Validating controls
Vulnerability scanning
Planning for penetration testing
Security awareness and training
Summary
17
Chapter 14: Top 10 Recommendations and the Future
Chapter 14: Top 10 Recommendations and the Future
The 10 most important to-dos
The future of device security and management
Security and the future
Summary
18
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Configuring Azure ATP

Azure ATP is a cloud security service from Microsoft that's used to analyze domain network traffic. This solution is helpful for the SOC to identify attacks and malicious movements in your AD environment. Telemetry data is collected by installing the ATP sensor on a domain controller, which forwards that information to the Azure ATP cloud service for investigation using the ATP portal. The ATP portal is a unique instance to your tenant and has a similar style and feel to the other cloud-based security portals that Microsoft offers. The SOC team can use the portal to investigate alerts in a timeline view to correlate activity throughout different phases of the attack kill chain. The ATP sensor will capture the following information and forward it to the ATP service:

  • Domain controller network traffic
  • Windows events
  • Remote Authenticaion Dial-In User Service (RADIUS) account information for a VPN
  • User and computer data from AD

    Tip:

    In order...

Previous Section
End of Section 6
Next Section