Book Image

Mastering Windows Security and Hardening

By : Mark Dunkerley, Matt Tumbarello
Book Image

Mastering Windows Security and Hardening

By: Mark Dunkerley, Matt Tumbarello

Overview of this book

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions. We will begin with an introduction to Windows security fundamentals, baselining, and the importance of building a baseline for an organization. As you advance, you will learn how to effectively secure and harden your Windows-based system, protect identities, and even manage access. In the concluding chapters, the book will take you through testing, monitoring, and security operations. In addition to this, you’ll be equipped with the tools you need to ensure compliance and continuous monitoring through security operations. By the end of this book, you’ll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.
Table of Contents (19 chapters)
Section 1: Getting Started
Section 2: Applying Security and Hardening
Section 3: Protecting, Detecting, and Responding for Windows Environments

Security awareness and training

One specific area of importance in the process is to ensure that you don't forget to test your users and provide them with training and an awareness of vulnerabilities. The human factor is one of the weakest links when it comes to security, and providing awareness is critical and something that is quite often overlooked.

There are three important components to consider for a robust employee security program. The first is testing, most commonly completed through phishing campaigns or an attack simulator. Secondly, we need to ensure that we provide a robust training program and keep a record of employees who have taken and passed the training. This shouldn't be a one-time event, but rather an ongoing event. Lastly, you need to provide awareness to your users as needed. Sending a weekly security communication with tips, tricks, and recommendations, or providing somewhere for users to learn more, such as on an internal portal, will help strengthen...