Mastering Windows Security and Hardening

By: Mark Dunkerley, Matt Tumbarello
Overview of this book

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions. We will begin with an introduction to Windows security fundamentals, baselining, and the importance of building a baseline for an organization. As you advance, you will learn how to effectively secure and harden your Windows-based system, protect identities, and even manage access. In the concluding chapters, the book will take you through testing, monitoring, and security operations. In addition to this, you’ll be equipped with the tools you need to ensure compliance and continuous monitoring through security operations. By the end of this book, you’ll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.
Table of Contents (19 chapters)

Section 1: Getting Started
Section 2: Applying Security and Hardening
Section 3: Protecting, Detecting, and Responding for Windows Environments

Current security challenges

By the time you finish this chapter, you should have a sense of how important security has become today and of the challenges that come with it. We are more reliant on technology than ever before, with no sign of slowing down. We expect everything to be digitized, and, as IoT takes off, everything around us will be connected to the internet, creating even more challenges in keeping security effective.

As we briefly covered earlier, attacks are becoming more sophisticated every day. There is an ever-growing army of bad actors working around the clock to breach any data they can get their hands on, because private data is very valuable. With the advancement of cloud technology, supercomputers, and the approaching reality of quantum computing, hackers and organized groups can crack passwords and their hashes far more easily, making passwords obsolete as the only factor of authentication. No one should be relying on passwords alone anymore; the reality, however, is that most still do. The same applies to encryption: the advancement of computing power keeps rendering algorithms insecure, creating an ongoing need for stronger encryption. These are just some of the ongoing challenges we face when protecting our assets.

Keeping up with vulnerabilities today is a full-time role. It's critical that we keep on top of what they are and which Windows systems need to be updated. We will discuss the management of Windows updates later in the book, but having a program in place to manage the overwhelming volume of Windows updates is essential. Additionally, third-party applications need to be carefully monitored and updated accordingly. An example of a commonly used application is Adobe Acrobat Reader DC, used to view PDFs. The following screenshot is a vulnerability report from Microsoft Defender Security Center. It provides a software inventory of all machines with the application installed and lists the number of vulnerabilities detected across all machines in your organization:

Figure 1.8 – Acrobat Reader DC identified vulnerabilities

As you can see, out-of-date applications carry critical known vulnerabilities that attackers actively use.
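The Defender report above is built from a software inventory. The following PowerShell script is an added example, not code from the book or from Microsoft: it builds the same kind of inventory locally from the Windows registry Uninstall keys and flags an Acrobat Reader install whose version is below a minimum you set. The minimum version is a placeholder, not a value from the book; take it from the vendor's current release notes.

```powershell
# Added example (not from the book): local software inventory from the registry
# Uninstall keys, with a version check for one commonly targeted application.
# Works on any supported Windows client or server; no extra modules required.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Every installed product with a display name, 32-bit and 64-bit alike
$inventory = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate

# Keep the inventory so it can be compared against the next run or fed to a CMDB
$inventory | Sort-Object DisplayName |
    Export-Csv -Path "$env:TEMP\software-inventory.csv" -NoTypeInformation

# PLACEHOLDER: replace with the minimum version your patch program currently requires
$minimumAcrobatVersion = [version]'0.0.0.0'

$acrobat = $inventory | Where-Object { $_.DisplayName -like 'Adobe Acrobat Reader*' }
foreach ($app in $acrobat) {
    $installed = $null
    # DisplayVersion is free text; only compare it when it parses as a version
    if ([version]::TryParse($app.DisplayVersion, [ref]$installed)) {
        if ($installed -lt $minimumAcrobatVersion) {
            Write-Output "$($app.DisplayName) $($app.DisplayVersion) is below required $minimumAcrobatVersion"
        }
    } else {
        Write-Output "$($app.DisplayName): version '$($app.DisplayVersion)' could not be parsed; review manually"
    }
}
```

Running this across a fleet (for example, through Invoke-Command or a scheduled task that ships the CSV to a central share) gives you the per-machine view that the Defender Security Center report summarizes, and the unparsed-version branch surfaces installs that a naive string comparison would silently skip.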

Most organizations are reluctant to release the latest Windows updates to their servers straight away because of the risk that a patch could break a production system. The downside is that the system carries a known vulnerability, which opens a window for exploitation between the time the patch is released and the time the system is patched. Another challenge we face is zero-day vulnerabilities. A zero-day vulnerability is one that has been identified but currently has no remediation or mitigation available from the vendor. Because of these challenges, it is critical that we build a layered defense strategy around our Windows clients and servers. For example, never make your database server accessible from the internet, encrypt the traffic to your web servers, and open only the ports needed to communicate, such as allowing only port 443 for secure (HTTPS) traffic.
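The "open only the ports you need" advice above can be checked and enforced on the host itself with Windows Defender Firewall. The script below is an added example, not code from the book: it lists every enabled inbound allow rule that exposes a TCP port other than 443, then ensures a single explicit HTTPS rule exists. It assumes the NetSecurity module (Windows 8 / Server 2012 and later), an elevated session, and that 443 is the only inbound TCP port this web server should expose; the rule display name is a constructed value.

```powershell
# Added example (not from the book): audit inbound firewall exposure on a web server
# and make the allowed surface explicit. Requires an elevated PowerShell session.

# The only inbound TCP port this server is supposed to expose (assumption for this host)
$allowedTcpPorts = @('443')

# Only rules that are enabled AND allow inbound traffic matter for exposure
$inboundAllow = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True

$findings = foreach ($rule in $inboundAllow) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    # LocalPort may be a single port, an array, a range like '49152-65535', or 'Any'
    $ports = @($portFilter.LocalPort)
    $unexpected = $ports | Where-Object { $_ -notin $allowedTcpPorts }
    if ($portFilter.Protocol -eq 'TCP' -and $unexpected) {
        [PSCustomObject]@{
            Rule     = $rule.DisplayName
            Profile  = $rule.Profile
            Protocol = $portFilter.Protocol
            Ports    = ($ports -join ',')
        }
    }
}

# Anything listed here is inbound TCP exposure beyond HTTPS and needs a documented reason
$findings | Format-Table -AutoSize

# Make the intended exposure explicit: one named rule, scoped to the profiles in use
$ruleName = 'Allow HTTPS inbound (web tier)'   # constructed name for this example
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 443 -Profile Domain,Private
}
```

Treat the findings table as the input to a change-control conversation rather than something to disable automatically: Windows ships built-in rules (remote management, file sharing, and so on) that may be required, and the point of the audit is that every remaining inbound port is one someone has consciously approved. Host firewall rules complement, and do not replace, the network-level controls that keep the database tier off the internet.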

As we focus on securing Windows devices within our environments, we can't turn a blind eye to the fundamentals, including the overarching ecosystem that also needs to be considered when protecting your Windows devices. This book covers a lot of detail on the specifics of securing and hardening your Windows systems and devices, but we also want to ensure the bigger picture is covered; for example, the basic concepts of identity and access management. A compromised user account that lets an intruder onto your Windows system makes all the securing and hardening of that system irrelevant. Weak physical access controls and policies could allow someone to simply walk into a server room and gain physical access to your systems. Other examples are allowing a developer to install an insecure web app with vulnerabilities in it, or a business that develops a process without security best practices in mind. All the controls you put in place within Windows become irrelevant when an educated hacker can use the web app or exploit a process as an attack vector to gain access to your system. These examples show the criticality of being familiar not only with how to secure and harden the Windows OS, but with all the other factors that fall within a mature security platform, to ensure your environment is as secure as possible. This, of course, doesn't come easily, and it is critical you stay current and continue to learn and learn and learn!

Managing and securing your Windows systems is not a simple task, especially if you are working toward securing them correctly. There is a lot involved, and in order to efficiently and effectively secure your Windows systems, you need well-defined policies, procedures, and standards in place along with a rigorous change control process to ensure anything that falls outside of the standards receives the appropriate approval to minimize risk. Full-time roles exist today to manage and secure your Windows systems along with specialized roles that are necessary to manage your Windows environments. Examples include Windows desktop engineers, Windows server engineers, Windows update administrators, Windows security administrators, Windows Intune/MDM engineers, and others. As part of these roles, it is critical that the staff are continuously educated and trained to provide the best security for Windows. The landscape is changing daily, and if your staff isn't dynamic or doesn't stay educated, mistakes and gaps will occur with your security posture.

Other tasks that must be addressed for your Windows devices include inventory management, that is, knowing where all your devices are and who has access to them. Even more important is ensuring that devices are collected upon any termination, especially those involving disgruntled employees. Enforcing policies on your Windows devices is another challenge: how do you ensure all your devices have the latest policies, and how can you ensure accurate reporting on non-compliant devices? Remote management can also be a challenge, that is, making sure that not just anyone can remotely access your devices, and auditing support staff for anything they shouldn't be doing. Running legacy applications on your Windows devices creates an instant security concern, and making sure they are patched to the latest supported version is critical. This list goes on, and we will dive into much greater detail in the following chapters to provide the information you need to protect your Windows environment.

Before we move on to the last topic, one additional challenge that needs mentioning is Shadow IT. In short, Shadow IT is the setup and use of servers and infrastructure without the IT or security team's approval or knowledge, for example, by a business function. This instantly creates a significant security concern, as the Windows systems involved will most likely be used with no standards or hardening in place. This can be a challenge to manage, but it is something that needs to be understood and prevented within any business.