Book Image

Mastering Windows Security and Hardening

By : Mark Dunkerley, Matt Tumbarello
Book Image

Mastering Windows Security and Hardening

By: Mark Dunkerley, Matt Tumbarello

Overview of this book

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions. We will begin with an introduction to Windows security fundamentals, baselining, and the importance of building a baseline for an organization. As you advance, you will learn how to effectively secure and harden your Windows-based system, protect identities, and even manage access. In the concluding chapters, the book will take you through testing, monitoring, and security operations. In addition to this, you’ll be equipped with the tools you need to ensure compliance and continuous monitoring through security operations. By the end of this book, you’ll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.
Table of Contents (19 chapters)
Section 1: Getting Started
Section 2: Applying Security and Hardening
Section 3: Protecting, Detecting, and Responding for Windows Environments

Planning for penetration testing

Penetration testing is an extremely important function of your security program that shouldn't be overlooked these days. In general, penetration testing validates whether a risk exists by performing a specific task within your environment against systems, applications, devices, users, and so on to exploit the identified vulnerability and prove success. It is typically executed by a security professional who is skilled in hacking techniques and is commonly referred to as ethical hacking. The ethical hacker's role is to try and replicate what a malicious hacker would try to accomplish.

Penetration tests can be executed externally, to simulate an outside threat trying to break in, or internally, to simulate an insider threat and replicate a breach of your environment. There are many different types of penetration tests and they will typically cover the following areas:

  • Systems and servers
  • Web applications
  • Databases
  • Networks...