Book Image

Mastering Windows Security and Hardening

By : Mark Dunkerley, Matt Tumbarello
Book Image

Mastering Windows Security and Hardening

By: Mark Dunkerley, Matt Tumbarello

Overview of this book

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions. We will begin with an introduction to Windows security fundamentals, baselining, and the importance of building a baseline for an organization. As you advance, you will learn how to effectively secure and harden your Windows-based system, protect identities, and even manage access. In the concluding chapters, the book will take you through testing, monitoring, and security operations. In addition to this, you’ll be equipped with the tools you need to ensure compliance and continuous monitoring through security operations. By the end of this book, you’ll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.
Table of Contents (19 chapters)
Section 1: Getting Started
Section 2: Applying Security and Hardening
Section 3: Protecting, Detecting, and Responding for Windows Environments


Throughout this book, you will be provided with the knowledge needed to protect your Windows environment and the users that access it. It will cover a variety of topics that go beyond the hardening of just the operating system, including the management of devices, baselining, hardware, virtualization, networking, identity management, security operations, monitoring, auditing, and testing. The goal is to ensure that you understand the foundation of and multiple layers involved in providing improved protection for your Windows systems.

Since this is a book about security, it's important to understand what the core principles are that form an information security model and foundation. These principles are known as the CIA triad, which represents confidentiality, integrity, and availability. If you have pursued a security certification, such as the CISSP or Security +, certification for example, you will be very familiar with this model. If not, it is recommended that you familiarize yourself with it as a security professional. This book will not go into detail about the CIA triad but, as with any security, the concepts provided in this book will help you to ensure the confidentiality, integrity, and availability of information on the Windows systems you manage. At a high level, CIA represents the following:

  • Confidentiality involves ensuring that no one other than those authorized access information.
  • Integrity involves ensuring that the information being protected is original and has not been modified without the correct authorization.
  • Availability involves ensuring that information is always available when access is needed.

The book is split into three sections to help guide you and provide the understanding and knowledge needed to implement a solid Windows security foundation within your organization. The first section provides an overview of the fundamentals, including an overview of the management tools for the Windows server and client environment, and a review of the management models used to manage Windows systems and the importance of each of them. This section will also cover the concept of baselining and the importance of following a standard with defined procedures and processes that have leadership support and sign-off.

In the second section, we will dive into the technical aspects of what is needed to apply security and hardening to your Windows environment. This section will not only provide the technical details of how to harden both the Windows server and client OS, but we will review all the different management scenarios and the importance of administration and remote management from a security standpoint. Most importantly, ensuring secure administration and the remote management of your Windows systems is vital. We will review the networking components as they relate to the hardening of Windows and then provide information about identity and access management and how critical the protection of identity has become in the digital world today.

The final section provides more of an operational focus on how to best protect and monitor your Windows environment. It is critical for your security program to not only implement the recommended security controls but validate that controls are in place. To do this effectively, we need to perform auditing and testing against the configurations implemented to harden Windows environments. In addition, it's just as important to monitor environments and provide reporting. We will look at an in-depth overview of the security operations program and discuss the tools that can be used for efficient incident management.

We will primarily focus on the most current versions of Windows available today, including Windows Server 2019, Windows 10, and the resources available within Microsoft Azure. We understand migrating to the latest Windows OS and shifting workloads from on-premises to the cloud is not an overnight task and may take years. In general, the concepts we provide throughout this book can be used within most configurations of Windows but could vary slightly depending on the build or version. Upgrading to the latest version of Windows is critical to the overall hardening of your systems and should be a driving factor to push your migrations forward. It is strongly recommended to upgrade as soon as possible as Microsoft will no longer release security patches or offer support for deprecated versions.