Book Image

Mastering Windows Security and Hardening

By : Mark Dunkerley, Matt Tumbarello
Book Image

Mastering Windows Security and Hardening

By: Mark Dunkerley, Matt Tumbarello

Overview of this book

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions. We will begin with an introduction to Windows security fundamentals, baselining, and the importance of building a baseline for an organization. As you advance, you will learn how to effectively secure and harden your Windows-based system, protect identities, and even manage access. In the concluding chapters, the book will take you through testing, monitoring, and security operations. In addition to this, you’ll be equipped with the tools you need to ensure compliance and continuous monitoring through security operations. By the end of this book, you’ll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.
Table of Contents (19 chapters)
Section 1: Getting Started
Section 2: Applying Security and Hardening
Section 3: Protecting, Detecting, and Responding for Windows Environments

Chapter 13: Testing and Auditing

In this chapter, we will provide the details around testing and auditing your environment that will help validate and ensure that due diligence has been executed within your security program. The challenge we face when deploying recommendations, hardening, and baselines is proving that they are in place and doing what they are designed to do. The IT department as a program may have obligations to leadership, board stakeholders, shareholders, and regulators to prove that you have implemented the recommended controls depending on your business or industry. Helping with providing evidence is where testing and auditing comes into play. To prove that controls are in place is why we audit, and it is even better to have a third-party company execute the audit. We test to ensure that our controls are doing what they are designed to do. Without testing, we fail to validate whether the controls work.

The first section we will cover in this chapter is validating...