Book Image

Mastering Windows Security and Hardening

By : Mark Dunkerley, Matt Tumbarello
Book Image

Mastering Windows Security and Hardening

By: Mark Dunkerley, Matt Tumbarello

Overview of this book

Are you looking for effective ways to protect Windows-based systems from being compromised by unauthorized users? Mastering Windows Security and Hardening is a detailed guide that helps you gain expertise when implementing efficient security measures and creating robust defense solutions. We will begin with an introduction to Windows security fundamentals, baselining, and the importance of building a baseline for an organization. As you advance, you will learn how to effectively secure and harden your Windows-based system, protect identities, and even manage access. In the concluding chapters, the book will take you through testing, monitoring, and security operations. In addition to this, you’ll be equipped with the tools you need to ensure compliance and continuous monitoring through security operations. By the end of this book, you’ll have developed a full understanding of the processes and tools involved in securing and hardening your Windows environment.
Table of Contents (19 chapters)
Section 1: Getting Started
Section 2: Applying Security and Hardening
Section 3: Protecting, Detecting, and Responding for Windows Environments

What this book covers

Chapter 1, Fundamentals of Windows Security, provides an introduction to the security world within IT and enterprises. We will cover how security is transforming the way we manage technology and discuss threats and breaches that are relevant today. We will look at current challenges and discuss a concept known as zero trust.

Chapter 2, Building a Baseline, provides an overview of baselining and the importance of building a standard to be approved by leadership and adopted by everyone. We will cover what frameworks are and provide an overview of the more common frameworks for security and hardening an environment. We will then look at best practices within enterprises and cover the importance of change management to ensure that anything that falls outside the scope of policy receives the correct approvals.

Chapter 3, Server Infrastructure Management, provides an overview of the data center and cloud models that are used today. We will then go into detail on each of the current models as they pertain to the cloud and review secure access management to Windows Server. We will also provide an overview of Windows Server management tools, as well as Azure services for managing Windows servers.

Chapter 4, End User Device Management, provides an overview of the end user computing landscape. We will discuss the evolution of device management and review some major models that have emerged over the years. You will learn the importance of a centralized management solution as it pertains to security and how device management solutions are critical for a robust and compliant model. The management solutions covered include device imaging, Windows Autopilot, Microsoft Endpoint Configuration Manager (formerly SCCM), Intune Mobile Device Management (MDM), and Microsoft Endpoint Manager Admin Center.

Chapter 5, Hardware and Virtualization, provides an overview of physical servers and virtualization. The chapter will cover hardware certification, enhancements in hardware security, and Virtualization-Based Security (VBS) concepts to secure and harden devices, including BIOS, UEFI, TPM 2.0, Secure Boot, and advanced protection with VBS.

Chapter 6, Network Fundamentals for Hardening Windows, provides an overview of networking components and how they play a big role in hardening and securing your Windows environment. You will learn about Windows Defender Firewall and Advanced Security, Windows Defender Exploit Guard Network Protection, and how to configure them on your Windows devices. Additionally, you will be provided with the knowledge needed to understand the latest technology from Microsoft as it relates to network security for your Windows VMs in Azure.

Chapter 7, Identity and Access Management, provides a comprehensive overview of identity management and the importance it plays in securing and hardening your Windows systems. Identity has become the foundation of securing users – this chapter will cover everything you need to do within the identity and access management area. We will provide more details on account and access management, authentication, MFA, passwordless authentication, conditional access, and identity protection.

Chapter 8, Administration and Remote Management, provides details on different methods for administration and remote management as they relate to the Windows infrastructure. You will be provided with the knowledge needed to ensure that best practices are applied and will learn how to apply those best practices. The topics covered include enforcing policies with Configuration Manager and Intune, building security baselines, connecting securely to servers remotely, and an overview of PowerShell security.

Chapter 9, Keeping Your Windows Client Secure, covers Windows clients and the different solutions used to keep them secure and updated. You will also learn hardening techniques to secure exploits commonly used by attackers. The chapter also covers onboarding machines to Microsoft Defender ATP and Windows Update for Business, and provides details on advanced Windows hardening configurations for Windows 10 privacy.

Chapter 10, Keeping Your Windows Server Secure, looks at the Windows Server OS and introduces server roles and the security-related features of Windows Server 2019. You will learn about techniques used to keep your Windows server secure by implementing Windows Server Update Services (WSUS) and Azure Update Management, onboarding machines to Microsoft Defender ATP, and enforcing a security baseline. You will also learn how to deploy a Windows Defender application control policy.

Chapter 11, Security Monitoring and Reporting, talks about the different tools available that provide telemetry as well as insights and recommendations to help secure your environment. This chapter will inform you about the ways to act on recommendations to help secure your environment. Technologies covered include Microsoft Defender ATP, Log Analytics, Azure Monitor, and Azure Security Center.

Chapter 12, Security Operations, talks about the Security Operations Center (SOC) in an organization and discusses various tools used to ingest and analyze data to detect, protect, and alert you to incidents.

Chapter 13, Testing and Auditing, goes through validating that controls are in place and enforced. You will also learn about the importance of continual vulnerability scanning and testing in addition to the importance of penetration testing to ensure that the environment is assessed in terms of its ability to protect against the latest threats.

Chapter 14, Top 10 Recommendations and the Future, provides recommendations and actions to take away after reading this book. It also provides some insight into the direction of where the future of device security and management is headed, as well as some insight into our thoughts on the importance of security in the future.