Book Image

Mastering Windows Security and Hardening

By : Mark Dunkerley, Matt Tumbarello
Book Image

Mastering Windows Security and Hardening

By: Mark Dunkerley, Matt Tumbarello

Overview of this book

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions. We will begin with an introduction to Windows security fundamentals, baselining, and the importance of building a baseline for an organization. As you advance, you will learn how to effectively secure and harden your Windows-based system, protect identities, and even manage access. In the concluding chapters, the book will take you through testing, monitoring, and security operations. In addition to this, you’ll be equipped with the tools you need to ensure compliance and continuous monitoring through security operations. By the end of this book, you’ll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.

Related Content you might be interested in

Current Title:

Small book image
Mastering Windows Security and Hardening
Mark Dunkerley | Matt Tumbarello
Jul, 2020 | 572 pages
Small book image
Mastering Microsoft Endpoint Manager
Per Larsen | Christiaan Brinkhoff
Oct, 2021 | 666 pages
Small book image
Windows 10 for Enterprise Administrators
Jeff Stokes | Manuel Singer | Richard Diver
Sep, 2017 | 314 pages
Small book image
Microsoft 365 Mobility and Security – Exam Guide MS-101
Nate Chamberlain
Nov, 2019 | 312 pages
Table of Contents (19 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Code in Action
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: Getting Started
Section 1: Getting Started
Free Chapter
2
Chapter 1: Fundamentals of Windows Security
Chapter 1: Fundamentals of Windows Security
Understanding the security transformation
Living in today's digital world
Today's threats
Identifying vulnerabilities
Recognizing breaches
Current security challenges
Implementing a Zero Trust approach
Summary
3
Chapter 2: Building a Baseline
Chapter 2: Building a Baseline
Introduction to baselining
Policies, standards, procedures, and guidelines
Incorporating change management
Implementing a security framework
Building baseline controls
Implementing a baseline
Incorporating best practices
Summary
4
Chapter 3: Server Infrastructure Management
Chapter 3: Server Infrastructure Management
Technical requirements
Overview of the data center and the cloud
Implementing access management in Windows servers
Understanding Windows Server management tools
Using Azure services to manage Windows servers
Summary
5
Chapter 4: End User Device Management
Chapter 4: End User Device Management
Technical requirements
Device management evolution
Device Imaging and Windows Autopilot
Microsoft Endpoint Configuration Manager
Intune Mobile Device Management (MDM)
Introducing Microsoft Endpoint Manager
Summary
6
Section 2: Applying Security and Hardening
Section 2: Applying Security and Hardening
7
Chapter 5: Hardware and Virtualization
Chapter 5: Hardware and Virtualization
Technical requirements
Physical servers and virtualization
Introduction to hardware certification
BIOS and UEFI, TPM 2.0, and Secure Boot
Advanced protection with VBS
Hardware security recommendations and best practices
Summary
8
Chapter 6: Network Fundamentals for Hardening Windows
Chapter 6: Network Fundamentals for Hardening Windows
Technical requirements
Network security fundamentals
Understanding Windows Network Security
Windows Defender Firewall and Advanced Security
Introducing Azure network security
Summary
9
Chapter 7: Identity and Access Management
Chapter 7: Identity and Access Management
Technical requirements
Identity and access management overview
Implementing account and access management
Understanding authentication, MFA, and going passwordless
Using Conditional Access and Identity Protection
Summary
10
Chapter 8: Administration and Remote Management
Chapter 8: Administration and Remote Management
Technical requirements
Understanding device administration
Enforcing policies with MDM
Building security baselines
Connecting securely to servers remotely
Introducing PowerShell security
Summary
11
Chapter 9: Keeping Your Windows Client Secure
Chapter 9: Keeping Your Windows Client Secure
Technical requirements
Securing your Windows clients
Introducing Windows Update for Business
Advanced Windows hardening configurations
Windows 10 privacy
Summary
12
Chapter 10: Keeping Your Windows Server Secure
Chapter 10: Keeping Your Windows Server Secure
Technical requirements
Windows Server versions
Installing Windows Server roles and features
Configuring Windows updates
Connecting to Microsoft Defender ATP
Hardening Windows Server
Deploying Windows Defender Application Control
Summary
13
Section 3: Protecting, Detecting, and Responding for Windows Environments
Section 3: Protecting, Detecting, and Responding for Windows Environments
14
Chapter 11: Security Monitoring and Reporting
Chapter 11: Security Monitoring and Reporting
Technical requirements
Monitoring with MDATP
Deploying Log Analytics
Monitoring with Azure Monitor and activity logs
Configuring ASC
Creating performance baselines
Summary
15
Chapter 12: Security Operations
Chapter 12: Security Operations
Technical requirements
Introducing the SOC
Using the M365 security portal
Using MCAS
Configuring Azure ATP
Investigating threats with Azure Security Center
Introducing Azure Sentinel
Microsoft Defender Security Center
Planning for business continuity and DR
Summary
16
Chapter 13: Testing and Auditing
Chapter 13: Testing and Auditing
Technical requirements
Validating controls
Vulnerability scanning
Planning for penetration testing
Security awareness and training
Summary
17
Chapter 14: Top 10 Recommendations and the Future
Chapter 14: Top 10 Recommendations and the Future
The 10 most important to-dos
The future of device security and management
Security and the future
Summary
18
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Today's threats

The threat landscape within the cyber world is extremely diverse and is continually becoming more complex. The task of protecting users, data, and systems is becoming more difficult and requires the advancement of even more intelligent tools to keep the bad actors out. Today, criminals are more sophisticated, and large groups have formed with significant financial backing to support the wrongdoings of these groups. The following is a list of cyber threats:

To shed some light on real-world examples of data breach sources today, Verizon has created a 2020 Data Breach Investigations Report (https://enterprise.verizon.com/resources/reports/dbir/). The report is built on a set of real-world data and contains some eye-opening data on attack sources:

  • External actors: 70%
  • Organized criminal groups: 55%
  • Internal actors: 30%
  • Partners: 1%
  • Multiple parties involved: 1%

The full report can be found here:

https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf

There are many types of cyberattacks in the world today, and this creates a diverse set of challenges for organizations. While not all threats are Windows-specific, there's a chance that Windows is the median or attack vector in which an attacker gains access by exploiting a vulnerability. An example of this could be an unpatched OS or an out-of-date application. The following list contains many common types of threats that could cause damage directly from a vulnerability within the Windows OS or by using the Windows OS as an attack vector.

Malware is software or code designed with malicious intent that exploits vulnerabilities found within the system. The following types of threats are considered malware:

  • Adware
  • Spyware
  • Virus (polymorphic, multipartite, macro, or boot sector)
  • Worm
  • Trojan
  • Rootkit
  • Bots/botnets
  • Ransomware
  • Logic bomb

In addition to malware, the following are types of attack techniques that can be used to exploit vulnerabilities:

  • Keylogger
  • Phishing
  • Spear phishing
  • Whale phishing
  • SQL injection attack
  • Cross-Site Scripting (XSS)
  • Denial of Service (DoS)
  • Session hijacking
  • Man-in-the-Middle Attacks (MITM)
  • Password attacks (brute-force, dictionary, or birthday attacks)
  • Credential reuse
  • Identity theft
  • Advanced persistent threats
  • Distributed Denial of Service (DDoS)
  • Intellectual property theft
  • Shoulder surfing
  • Golden Ticket: Kerberos attacks

    Tip

    To learn more about the threats listed earlier, the National Institute of Standards and Technology (NIST) contains a glossary that provides more information on most, if not all, of the preceding list: https://csrc.nist.gov/glossary.

Previous Section
End of Section 4
Next Section